
Executive Director, Info Security

Job in Iowa, Calcasieu Parish, Louisiana, 70647, USA
Listing for: 1008 Disney Worldwide Services, Inc.
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 197500 - 291500 USD Yearly
Job Description & How to Apply Below
Location: Iowa

Executive Director, Info Security – reporting to Disney’s Global Information Security (GIS) organization, driving transformation of the InfoSec Governance, Risk & Compliance (GRC) function.

The Enterprise Technology & Data mission at Disney focuses on delivering technology solutions that align with business strategies while enabling enterprise efficiency and cross‑company innovation. The GRC team operates as a strategic powerhouse, redefining compliance and risk management to support business decisions across Disney.

Responsibilities
  • Transform the GRC program to a dynamic, risk‑intelligence‑led model that informs investment, staffing, and remediation.
  • Develop novel approaches to risk quantification, compliance automation, and governance integration.
  • Partner with GIS Leadership and Segment CTO teams to translate complex risk landscapes into executive‑ready insights.
  • Champion a culture shift that makes risk‑informed thinking intuitive across GIS and the broader enterprise.
  • Oversee the development and operations of Disney’s comprehensive InfoSec Risk Management program, including frameworks, risk registers, and risk‑based prioritization.
  • Establish and operationalize risk tolerance frameworks in collaboration with executive leadership.
  • Build and mature a cybersecurity risk register integrated with threat intelligence and third‑party inputs.
  • Drive risk‑based prioritization across all InfoSec functions, ensuring roadmaps are anchored in defensible risk reduction rationale.
  • Develop executive and board‑level risk reporting that is clear, credible, and decision‑ready.
  • Lead efforts to quantify InfoSec risk in financial terms (FAIR or equivalent) for investment comparisons.
  • Lead third‑party and supply chain risk intelligence beyond questionnaire‑based assessments.
  • Oversee policy development, maintenance, and lifecycle management of enterprise‑wide security policies and standards.
  • Drive automated policy enforcement and integration of governance requirements into technology design life cycles.
  • Lead policy effectiveness measurement and pioneer forward‑looking policy architecture for emerging technology domains.
  • Oversee annual NIST CSF assessments and report program maturity to senior leadership.
  • Provide governance consultation to segments and business units, ensuring security requirements are actionable.
  • Provide oversight of regulatory, contractual, and policy compliance programs, including SOX 404, PCI DSS, GDPR, etc.
  • Build compliance‑as‑a‑service capabilities for technology teams, reducing compliance burden.
  • Proactively monitor the regulatory horizon and position Disney for upcoming requirements.
  • Lead, develop, and inspire a high‑performing organization of ~40+ professionals across Governance, Compliance, and Risk Management.
Must Haves
  • 12+ years of progressive experience in cybersecurity, technology risk, or technology compliance; 3+ years in leadership roles overseeing GRC functions at enterprise scale.
  • Demonstrated track record of building and transforming GRC programs, moving organizations to risk‑driven operating models.
  • Deep expertise across risk management, governance, and compliance frameworks (NIST CSF, 800‑53, ISO 27001, PCI DSS 4.0, SOX ITGC, GDPR).
  • Proven executive presence with the ability to command a room, build trust with senior leadership, and translate technical risk concepts into business language.
  • Strong experience in risk quantification methodologies (FAIR or equivalent) and driving financial‑terms risk reporting for executive audiences.
  • Expert‑level knowledge of security audit methodologies, controls testing, and assurance processes across ITGCs and automated application controls.
  • Hands‑on familiarity with GRC tooling and platforms (Archer, SailPoint, ServiceNow GRC, or equivalent).
  • Solid understanding of cloud security architecture and compliance implications for major cloud providers (AWS, Azure, GCP).
  • Familiarity with DevSecOps practices and integration of controls into software development and infrastructure pipelines.
  • One or more of the following certifications required: CISSP, CISM, CISA, CRISC.
Nice To Haves
  • Experience in the media & entertainment, sports, hospitality, or retail industries.
  • Understand in…