Security Specialist, Third-Party Risk Management

Department Description

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.
• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.
• Strengthen the business through optimizing execution, application, and technology used to protect the Company.
• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description:

The GIS Compliance team oversees ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting. The department is responsible for understanding and interpreting regulated controls and assessment requirements (Payment Card Industry, SOX, General Data Protection Regulations, Third Party Assessment) for TWDC. 

Responsibilities of Role:

• Coordinate and conduct security compliance assessments, including scheduling, planning, and scoping.
• Evaluate security compliance with external requirements and internal policies and standards.
• Identify and validate key control attributes for testing.
• Conduct informational walkthroughs to clarify processes and architectures.
• Collect and verify artifacts to support the assessment of security controls and procedures.
• Proactively manage and follow up on all requests.
• Document assessment findings and recommendations to management, highlighting the effectiveness and efficiency of control mechanisms.
• Document assessment results and detailed control process narratives in workpapers.
• Communicate the elements of effective and sustainable control design to IT and business partners.
• Coordinate continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data reflecting the current state of the control environment for TWDC.
• Facilitate the collection of control attestations and questionnaires for targeted controls and systems.
• Manage inventories and track remediation efforts and compensating controls.
• Stay informed about compliance and assessment trends within TWDC, at suppliers, and from legislators and regulatory bodies.

Must Haves (Years of Experience, languages, programs, tools, etc.):

• Minimum 3 years of IT audit, or IT security and/or compliance experience 

• Must have 3+ years Third-Party Risk Management experience

• Experience with audits/assessments in complex environments  
• Experience interpreting and auditing external security regulations  
• Working knowledge of common IT security frameworks
• Ability to grasp underlying technology stacks and document end-to-end service delivery flows 
• Good organizational, analytical, and problem-solving skills - balancing multiple priorities under tight deadlines 
• Excellent written, verbal, and visual communication for partners (internal & external) in all roles and levels  

Nice To Haves (see above):

• Prior experience working within a global media, entertainment organization or fortune 100 company 
• Security certification (CISSP, CISA, GSEC) or comparable certification 

Education:

Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

The hiring range for this position in Burbank CA is $95,300.00-$120,000.00 per year. and in New York NY & Seattle WA is $95,300.00-$127,800.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.