Executive Director, Info Security

Job Summary:

Department Description

At Disney, we're storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt's passion was to continuously envision new ways to move audiences around the world - a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, TV, movies and a variety of other businesses.

Uniting each endeavor is a commitment to creating and delivering unforgettable experiences - and we're constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology & Data mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. Global Information Security (GIS) provides services to protect the value and use of Disney's information through collaboration, empowerment, and education across The Walt Disney Company.

Team

Description:

At Disney, innovation and imagination fuel everything we do. The Info Sec Governance, Risk & Compliance (GRC) team is not just a guardian of standards - we are leaders who drive the evolution of information security. As a strategic powerhouse in the GIS organization, our mission transcends compliance, setting new benchmarks for risk intelligence, automation, and integrated governance. We aim to redefine what "great" looks like, pioneering visionary approaches that shape how Disney (and the industry) understands and manages security risk.

The GRC team is the pulse of Disney's enterprise technology ecosystem. We don't just follow regulatory mandates; we leap ahead, leveraging data-driven insights, advanced risk quantification, and automated control frameworks to empower business leaders and technologists. Our collaborative culture ensures that every corner of GIS speaks a unified risk language, propelling risk-aware thinking to the forefront of daily business decisions and fueling cross-company innovation.

By joining this team, you become a change agent, transforming GRC from a "checkbox" function to a dynamic, strategic enabler. You will lead and inspire a diverse, high-performing group that anticipates emerging risk domains, shapes industry-leading policy design, and drives measurable, business-aligned security outcomes. If your passion is to advance, not just meet, industry standards, and to make a lasting impact on a legendary brand's global footprint, the Info Sec GRC team at Disney is your stage.

Responsibilities of Role (List in order of priority, first few bullets should be the most important):

* Transform GRC at Disney

* Drive continous evolution of Disney's Info Sec GRC program, replacing compliance-centric, checkbox-driven operations with a dynamic, risk-intelligence-led model that directly informs how Disney prioritizes investment, staffing, and remediation.

* Define what "great" looks like, not by referencing existing standards but by advancing them. Develop novel approaches to risk quantification, compliance automation, and governance integration.

* Partner with GIS Leadership and Segment CTO teams to ensure the GRC program functions as a strategic business enabler, translating complex risk landscapes into executive- and board-ready insights that drive confident decision-making.

* Champion a culture shift across all of GIS and the broader enterprise: risk awareness is everyone's job, and GRC's role is to make risk-informed thinking intuitive, not burdensome.

* Risk Management Leadership

* Oversee the development and ongoing operations of Disney's comprehensive Info Sec Risk Management program, including the establishment, implementation, and continuous improvement of the enterprise Risk Management Framework.

* Establish and operationalize risk tolerance frameworks in partnership with executive leadership, defining clear thresholds that translate business appetite into actionable security investment and prioritization decisions.

* Build and mature a cybersecurity risk register that serves as the authoritative source of truth for Disney's threat and control posture, dynamically integrated with threat intelligence, vulnerability management, and third-party risk inputs.

* Drive risk-based prioritization across all Info Sec operational functions (engineering, red team, SOC, cloud security, etc.) - ensuring that every team's roadmap is anchored in defensible risk reduction rationale, not reactive urgency.

* Develop executive and board-level risk reporting that is clear, credible, and decision-ready; ensure Disney's risk narrative is consistent from the CISO to the Audit Committee.

* Lead efforts to quantify Info Sec risk in financial terms (FAIR or equivalent), enabling direct comparison of security investment across Disney's ubiquitous businesses and against measurable risk…