At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.
The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.
The Global Information Security (GIS) group provides services to protect the value and use of Disney’s information through collaboration, standardization, enforcement, and education across The Walt Disney Company. The main focus areas of this group are: Reduce the risk of both accidental and malicious data disclosure; Identify, monitor, engage with complete inventory of information; Establish appropriate policies and procedures to be followed; Educate user community to minimize risk.
Disney’s InfoSec GRC team is seeking a transformational leader to drive the next evolution of Governance, Risk, and Compliance across the enterprise. Reporting to the VP of Information Security, this role will lead the shift from a traditional compliance-driven approach to a modern, risk-intelligence-led model that enables better business decisions, strengthens security posture, and scales with Disney’s global technology and content ecosystem. This leader will partner closely with GIS and business leadership to embed risk awareness into daily operations, ensuring GRC is a strategic enabler of innovation—not a barrier.
Risk Management Leadership
Establish and operationalize risk tolerance models, translating business objectives into clear prioritization, investment, and remediation decisions
Deliver clear, credible, and decision-ready risk reporting to executive leadership and the Board, including financial risk quantification (e.g., FAIR)
Governance Program Leadership
Oversee the full lifecycle of InfoSec policies, standards, and guidelines, ensuring they are risk-based, actionable, and aligned with business needs
Embed governance controls into the technology lifecycle (e.g., DevSecOps, cloud, infrastructure-as-code), reducing reliance on manual processes through automation
Define and advance governance strategies for emerging technologies, including AI/ML, quantum security, and autonomous systems
Compliance Program Leadership
Provide oversight of global regulatory and contractual compliance programs (e.g., SOX, PCI, GDPR, ISO), ensuring consistency and scalability
Organizational Leadership
Lead, develop, and scale a high-performing global GRC organization, fostering a culture of accountability, innovation, and continuous improvement
Drive organizational excellence through strong leadership, talent development, and a focus on delivering scalable, forward-looking solutions
You will have 12+ years of progressive experience in cybersecurity, technology risk, or compliance, including 3+ years leading enterprise-scale GRC functions
You will have deep expertise across risk management, governance, and compliance, including frameworks, policy lifecycle, automation, audit, and controls assurance)
You will have strong working knowledge of industry frameworks and regulations, including NIST CSF, NIST 800-53, ISO 27001, PCI DSS 4.0, SOX ITGC, and GDPR
You will have experience leading in highly matrixed, global environments, driving alignment across engineering, security, and business stakeholders
Leadership & Transformation Profile (Critical for Success)
You will have the ability to connect cost, customer experience, and operational efficiency into a cohesive, risk-informed strategy
You will have advanced expertise in audit methodologies, controls testing, and assurance processes, including ITGCs and automated control environments (must have qualification)
You will have hands-on experience with leading GRC platforms (e.g., Archer, ServiceNow GRC, SailPoint)
Nice-to-Have Qualifications
You may have experience within media, entertainment, or similarly complex, consumer-facing industries
The hiring range for this position in Orlando, FL is $197,500 to $265,000 per year and in Glendale,CA is $207,400 to $278,200 per year. The hiring range for this position in Seattle, WA is $217,300 to $291,500 per year and in New York, NY is $217,300 to $291,500 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.