×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security

Executive Director, Info Security

Job in New York, New York County, New York, 10261, USA
Listing for: The Walt Disney Company (Germany) GmbH
Full Time position
Listed on 2026-06-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 217300 - 291500 USD Yearly USD 217300.00 291500.00 YEAR
Job Description & How to Apply Below
Location: New York

Executive Director, Info Sec Governance, Risk, and Compliance Team Description

The Global Information Security (GIS) group provides services to protect the value and use of Disney’s information through collaboration, standardization, enforcement, and education across The Walt Disney Company. The main focus areas of this group are:
Reduce the risk of both accidental and malicious data disclosure;
Identify, monitor, engage with complete inventory of information;
Establish appropriate policies and procedures to be followed;
Educate user community to minimize risk.

What You’ll Do
  • Drive the evolution of Disney’s Info Sec GRC program from a compliance‑centric model to a dynamic, risk‑intelligence‑led capability that informs enterprise investment and prioritization decisions
  • Define and elevate GRC standards by introducing innovative approaches to risk quantification, compliance automation, and integrated governance
  • Partner with GIS and segment technology leadership to position GRC as a strategic business enabler, translating complex risks into actionable, executive‑ready insights
  • Champion a culture where risk awareness is embedded into daily decision‑making, enabling intuitive and scalable risk‑informed behaviors across the enterprise
  • Lead the design, implementation, and continuous improvement of Disney’s enterprise Info Sec Risk Management Framework
  • Establish and operationalize risk tolerance models, translating business objectives into clear prioritization, investment, and remediation decisions
  • Build and mature a centralized cybersecurity risk register integrating threat intelligence, vulnerabilities, and third‑party risk data
  • Drive risk‑based prioritization across Info Sec functions to ensure measurable risk reduction and alignment to enterprise objectives
  • Deliver clear, credible, and decision‑ready risk reporting to executive leadership and the Board, including financial risk quantification (e.g., FAIR)
Governance Program Leadership
  • Oversee the full lifecycle of Info Sec policies, standards, and guidelines, ensuring they are risk‑based, actionable, and aligned with business needs
  • Embed governance controls into the technology lifecycle (e.g., Dev Sec Ops , cloud, infrastructure‑as‑code), reducing reliance on manual processes through automation
  • Establish a policy effectiveness framework focused on behavioral change and measurable risk reduction
  • Define and advance governance strategies for emerging technologies, including AI/ML, quantum security, and autonomous systems
  • Lead enterprise maturity assessments (e.g., NIST CSF) to identify gaps and inform strategic investment decisions
Compliance Program Leadership
  • Provide oversight of global regulatory and contractual compliance programs (e.g., SOX, PCI, GDPR, ISO), ensuring consistency and scalability
  • Build and operationalize a “compliance‑as‑a‑service” model that enables self‑service, automates evidence collection, and minimizes burden on engineering teams
  • Monitor and anticipate changes in the regulatory landscape, proactively positioning Disney to meet evolving requirements
Organizational Leadership
  • Lead, develop, and scale a high‑performing global GRC organization, fostering a culture of accountability, innovation, and continuous improvement
  • Drive organizational excellence through strong leadership, talent development, and a focus on delivering scalable, forward‑looking solutions
What You’ll Bring Must‑Have Qualifications
  • 12+ years of progressive experience in cybersecurity, technology risk, or compliance, including 3+ years leading enterprise‑scale GRC functions
  • Structured problem‑solving, audit rigor, and enterprise advisory experience
  • Industry experience within large, complex organizations, with the ability to operate effectively in highly matrixed environments
  • A proven track record of transforming GRC programs into risk‑driven operating models that influence enterprise decision‑making
  • Deep expertise across risk management, governance, and compliance, including frameworks, policy lifecycle, automation, audit, and controls assurance
  • Strong working knowledge of industry frameworks and regulations, including NIST CSF, NIST 800‑53, ISO 27001, PCI DSS 4.0, SOX ITGC, and GDPR
  • Demo…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search