Senior Security Specialist, Third-Party Risk Management

Job Posting Title:

Senior Security Specialist, Third-Party Risk Management

Req ID:

10115405

Job Description:

 

Department Description 

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences. 

 

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence. 

 

The Global Information Security (GIS) group provides services to protect the value and use of Disney’s information through collaboration, standardization, enforcement, and education across The Walt Disney Company.  The main focus areas of this group are: 

• Reduce the risk of both accidental and malicious data disclosure 

• Identify, monitor, engage with complete inventory of information 

• Establish appropriate policies and procedures to be followed 

• Educate user community to minimize risk 

 

Team Description: 

The GIS Compliance team oversees ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting. The department is responsible for understanding and interpreting regulated controls and assessment requirements (Payment Card Industry, SOX, General Data Protection Regulations, Third Party Assessment) for TWDC. 

 

Responsibilities of Role: 

• Manage security compliance assessment scheduling/planning, scoping, and execution 

• Measure security compliance with both external requirements and internal policies and standards 

• Identify and justify key control attributes for testing 

• Conduct informational walkthroughs to clarify processes and architectures 

• Obtain artifacts to support the assessment of security controls and procedures, using a robust “trust but verify” approach.  

• Proactively send and follow up on all requests 

• Present assessment findings and recommendations to management, concluding on the effectiveness and efficiency of control mechanisms 

• Document assessment results and cogent control process narratives in workpapers 

• Advise IT, Segment, and business partners on security-related risks and control weaknesses. For identified security gaps, contribute to performing business impact analyses and determining appropriate remedies that minimize security threats.  

• Articulate the elements of effective and sustainable control design to IT and business partners.  

• Design and implement continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data that reflects the current state of the control environment for TWDC 

• For targeted controls and systems, facilitate the collection of control attestations and questionnaires 

• Manage inventories and tracking of remediation efforts and compensating controls. 

• Stay abreast of compliance and assessment trends within TWDC, at suppliers, and from legislators and regulatory bodies 

Must Haves (Years of Experience, languages, programs, tools, etc.):  

• Must have 5+ years of IT audit, or IT security and/or compliance experience 

• Prior experience working within a global media, entertainment organization or fortune 100 company 

• Must have 5+ years Third-Party Risk Management experience

• Proven experience leading audits/assessments with complex environments  

• Solid experience interpreting and auditing external security regulations  

• Ability to grasp underlying technology stacks and document end-to-end service delivery flows 

• Good organizational, analytical, and problem-solving skills - balancing multiple priorities under tight deadlines 

• Excellent written, verbal, and visual communication for partners (internal & external) in all roles and levels  

• Ability to establish credibility and coordinate partnerships across segments 

• Security certification (CISSP, CISA, GSEC) or comparable certification 

Nice To Haves (see above): 

• Master’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, 

Education: 

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience 

The hiring range for this position in Burbank CA is $112,600 to $151,000 per year. and in New York NY & Seattle WA is $118,000 to $158,200 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

Job Posting Segment:

Enterprise Technology

Job Posting Primary Business:

Corporate Global Information Security

Primary Job Posting Category:

Security Governance

Employment Type:

Full time

Primary City, State, Region, Postal Code:

Burbank, CA, USA

Alternate City, State, Region, Postal Code:

USA - FL - Kirkman Point 1, USA - NY - 7 Hudson Square, USA - WA - 925 4th Ave

Date Posted:

2025-03-14