Sr Security Specialist, Compliance

Job Posting Title:

Sr Security Specialist, Compliance

Req ID:

10111858

Job Description:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) group provides services to protect the value and use of Disney’s information through collaboration, standardization, enforcement, and education across Disney.  The main focus areas of this group are:

• Reduce the risk of both accidental and malicious data disclosure

• Identify, monitor, engage with complete inventory of information

• Establish appropriate policies and procedures to be followed

• Educate user community to minimize risk

Team Description:

The GIS Compliance team oversees ongoing security programs to evaluate the health of Disney’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting. The department is responsible for understanding and interpreting regulated controls and assessment requirements (Payment Card Industry, SOX, General Data Protection Regulations, Third Party Assessment) for Disney. We are looking for a Sr Security Compliance Specialist to come and help us with these efforts. 

Responsibilities:

• Manage security compliance assessment scheduling/planning, scoping, and execution

• Measure security compliance with both external requirements and internal policies and standards

• Identify and justify key control attributes for testing

• Conduct informational walkthroughs to clarify processes and architectures

• Obtain artifacts to support the assessment of security controls and procedures, using a robust “trust but verify” approach

• Present assessment findings and recommendations to management, concluding on the effectiveness and efficiency of control mechanisms, while documenting all aspects

• Advise IT, Segment, and business partners on security-related risks and control weaknesses. For identified security gaps, contribute to performing business impact analyses and determining appropriate remedies that minimize security threats

• Articulate the elements of effective and sustainable control design to IT and business partners

• Design and implement continuous control monitoring mechanisms, collaborating with business partners to source and interpret data that reflects the current state of the control environment 

• Facilitate the collection of control attestations and questionnaires for targeted controls & systems

• Manage inventories, track remediation efforts, and oversee compensating controls

• Stay abreast of compliance and assessment trends within Disney, at suppliers, and from legislators and regulatory bodies

Required Qualifications & Skills:

• 5+ years of experience in IT audit, IT security, and/or compliance within a large enterprise organization

• Validated experience leading audits/assessments with complex environments

• Strong demonstrated experience with PCI, SOX, etc.

• Solid experience interpreting and auditing external security regulations

• Ability to grasp underlying technology stacks and document end-to-end service delivery flows

• Good organizational, analytical, and problem-solving skills - balancing multiple priorities under tight deadlines

• Excellent written, verbal, and visual communication for partners (internal & external) in all roles and levels – with an ability to establish credibility and coordinate partnerships across varying business segments

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

Preferred Qualifications: 

• Master’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study

• Security certification (CISSP, CISA GSEC), and/or other comparable certification/s

• Prior experience working within a global media entertainment organization

The hiring range for this position in Burbank CA is $112,600 to $151,000 per year. and in New York NY & Seattle WA is $118,000 to $158,200 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

Job Posting Segment:

Enterprise Technology

Job Posting Primary Business:

Corporate Global Information Security

Primary Job Posting Category:

Security Governance

Employment Type:

Full time

Primary City, State, Region, Postal Code:

Burbank, CA, USA

Alternate City, State, Region, Postal Code:

USA - FL - Kirkman Point 1, USA - NY - 7 Hudson Square, USA - WA - 925 4th Ave

Date Posted:

2025-02-07