Experienced Cybersecurity Governance, Risk, and Compliance Professional - Remote, Part/Full Time Opportunity with The Walt Disney Company
Introduction to The Walt Disney Company
The Walt Disney Company is a world-renowned entertainment and media conglomerate that has been enchanting audiences for nearly a century. With a diverse range of businesses, including film and television production, theme parks, resorts, and consumer products, Disney is a leader in the global entertainment industry. Our company is committed to creating innovative and engaging experiences for our guests and consumers, while also prioritizing the safety and security of our employees, customers, and intellectual property.
About the Role
We are seeking an experienced Cybersecurity Governance, Risk, and Compliance (GRC) professional to join our team. As a GRC specialist, you will play a critical role in guiding GRC-related activities and ensuring the smooth execution of various tasks within the team. Your expertise will be essential in supporting the Walt Disney Company's third-party/internal risk management software, managing internal security compliance requirements, and implementing regulations, tactics, and frameworks at Disney.
Key Responsibilities
Third-party/internal risk management (TPRM) software management
Assist in the development and implementation of the Walt Disney Company's global third-party/internal risk method for conducting cyber risk-related due diligence exams
Validate incoming third-party/internal risk assessment requests and work with business stakeholders to confirm the details of the request and the scope of the engagement
Conduct kick-off sessions with business stakeholders and related third-parties to perform the TPA
Coordinate the distribution of due diligence questionnaires to internal stakeholders/third-parties, review submitted questionnaires for completeness, and identify risks arising from the current design and operational effectiveness of the internal/third-party's security controls
File responses, associated findings, and remediation plans in the TWDC systems
Draft/review reports for the checks performed and ensure respective business stakeholders finalize reviews
Act as a strong liaison to ensure any queries are responded to regarding the risk control technique and evaluation to the business or third-parties as required
Perform continuous monitoring of third-parties via TWDC systems for current/new findings and track any findings to closure
Identify opportunities for improvement within the TWDC systems and strategies
Work closely with the risk lead/supervisor to schedule and execute a range of different supporting activities related to the risk management program
Governance, Risk, and Compliance
In this role, you will also be responsible for leading and supporting the development of cybersecurity risk and compliance-related strategies to ensure the treatment of cybersecurity risk consistent with the company's risk appetite. Your duties will include:
Maintaining and documenting compliance towards information security-related guidelines and processes through planning, testing, remediating, monitoring, and reporting on control reviews and risk assessments
Leading the development and delivery of compliance and risk education and ongoing communications that support a culture of security and compliance
Staying abreast of regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas
Leading the efforts to maintain and guide ISO 27001 certification
Competencies and Attributes for Success
To be successful in this role, you will need to possess the following competencies and attributes:
Outstanding stakeholder management skills
Working understanding of information security-related best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and others
Experience in the management of risk, controls, and compliance
Knowledge of risk evaluation methodologies – qualitative/quantitative
Superior analytical and problem-solving abilities
Excellent presentation-making and delivery skills
Strong interpersonal skills
Ability to navigate rapid-paced environments and be flexible with working hours
Fantastic communication skills, both verbal and written
Ability to adapt quickly to changing conditions and drive high-quality change
Preferred Education and Experience
We are looking for candidates with the following preferred education and experience:
Relevant Bachelor's/Master's degree from an accredited university or equivalent experience
4 years of experience in third-party risk management, information security, and audit & compliance monitoring (minimum of 2-3 years in TPRM/internal audit)
Preferred experience with a large company and/or large four accounting firm
One or more certifications - CISA, CRISC, ISO27001 L.I, CISSP
Experience in AI/ML is a plus
Career Growth Opportunities and Learning Benefits
At The Walt Disney Company, we are committed to providing our employees with opportunities for growth and development. As a GRC specialist, you will have the chance to work with a talented team of professionals, develop your skills and expertise, and contribute to the success of our company. You will also have access to a range of training and development programs, including:
Professional certification programs
Leadership development programs
Mentorship opportunities
Cross-functional training and development programs
Work Environment and Company Culture
Our company culture is built on a foundation of creativity, innovation, and excellence. We are a dynamic and fast-paced organization that values diversity, inclusion, and respect for all employees. As a GRC specialist, you will be working in a collaborative and supportive environment, with a team of professionals who are passionate about their work and committed to delivering exceptional results.
Compensation, Perks, and Benefits
We offer a competitive salary and benefits package, including:
Salary: $80,000 per year
Comprehensive health and wellness programs
Retirement savings plans
Access to exclusive Disney perks and discounts
Conclusion
If you are a motivated and experienced GRC professional looking for a new challenge, we encourage you to apply for this exciting opportunity. As a GRC specialist at The Walt Disney Company, you will have the chance to work with a talented team of professionals, develop your skills and expertise, and contribute to the success of our company. Don't miss out on this opportunity to join our team and be a part of the magic of Disney.
Apply Now
The Walt Disney Company is a world-renowned entertainment and media conglomerate that has been enchanting audiences for nearly a century. With a diverse range of businesses, including film and television production, theme parks, resorts, and consumer products, Disney is a leader in the global entertainment industry. Our company is committed to creating innovative and engaging experiences for our guests and consumers, while also prioritizing the safety and security of our employees, customers, and intellectual property.
About the Role
We are seeking an experienced Cybersecurity Governance, Risk, and Compliance (GRC) professional to join our team. As a GRC specialist, you will play a critical role in guiding GRC-related activities and ensuring the smooth execution of various tasks within the team. Your expertise will be essential in supporting the Walt Disney Company's third-party/internal risk management software, managing internal security compliance requirements, and implementing regulations, tactics, and frameworks at Disney.
Key Responsibilities
Third-party/internal risk management (TPRM) software management
Assist in the development and implementation of the Walt Disney Company's global third-party/internal risk method for conducting cyber risk-related due diligence exams
Validate incoming third-party/internal risk assessment requests and work with business stakeholders to confirm the details of the request and the scope of the engagement
Conduct kick-off sessions with business stakeholders and related third-parties to perform the TPA
Coordinate the distribution of due diligence questionnaires to internal stakeholders/third-parties, review submitted questionnaires for completeness, and identify risks arising from the current design and operational effectiveness of the internal/third-party's security controls
File responses, associated findings, and remediation plans in the TWDC systems
Draft/review reports for the checks performed and ensure respective business stakeholders finalize reviews
Act as a strong liaison to ensure any queries are responded to regarding the risk control technique and evaluation to the business or third-parties as required
Perform continuous monitoring of third-parties via TWDC systems for current/new findings and track any findings to closure
Identify opportunities for improvement within the TWDC systems and strategies
Work closely with the risk lead/supervisor to schedule and execute a range of different supporting activities related to the risk management program
Governance, Risk, and Compliance
In this role, you will also be responsible for leading and supporting the development of cybersecurity risk and compliance-related strategies to ensure the treatment of cybersecurity risk consistent with the company's risk appetite. Your duties will include:
Maintaining and documenting compliance towards information security-related guidelines and processes through planning, testing, remediating, monitoring, and reporting on control reviews and risk assessments
Leading the development and delivery of compliance and risk education and ongoing communications that support a culture of security and compliance
Staying abreast of regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas
Leading the efforts to maintain and guide ISO 27001 certification
Competencies and Attributes for Success
To be successful in this role, you will need to possess the following competencies and attributes:
Outstanding stakeholder management skills
Working understanding of information security-related best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and others
Experience in the management of risk, controls, and compliance
Knowledge of risk evaluation methodologies – qualitative/quantitative
Superior analytical and problem-solving abilities
Excellent presentation-making and delivery skills
Strong interpersonal skills
Ability to navigate rapid-paced environments and be flexible with working hours
Fantastic communication skills, both verbal and written
Ability to adapt quickly to changing conditions and drive high-quality change
Preferred Education and Experience
We are looking for candidates with the following preferred education and experience:
Relevant Bachelor's/Master's degree from an accredited university or equivalent experience
4 years of experience in third-party risk management, information security, and audit & compliance monitoring (minimum of 2-3 years in TPRM/internal audit)
Preferred experience with a large company and/or large four accounting firm
One or more certifications - CISA, CRISC, ISO27001 L.I, CISSP
Experience in AI/ML is a plus
Career Growth Opportunities and Learning Benefits
At The Walt Disney Company, we are committed to providing our employees with opportunities for growth and development. As a GRC specialist, you will have the chance to work with a talented team of professionals, develop your skills and expertise, and contribute to the success of our company. You will also have access to a range of training and development programs, including:
Professional certification programs
Leadership development programs
Mentorship opportunities
Cross-functional training and development programs
Work Environment and Company Culture
Our company culture is built on a foundation of creativity, innovation, and excellence. We are a dynamic and fast-paced organization that values diversity, inclusion, and respect for all employees. As a GRC specialist, you will be working in a collaborative and supportive environment, with a team of professionals who are passionate about their work and committed to delivering exceptional results.
Compensation, Perks, and Benefits
We offer a competitive salary and benefits package, including:
Salary: $80,000 per year
Comprehensive health and wellness programs
Retirement savings plans
Access to exclusive Disney perks and discounts
Conclusion
If you are a motivated and experienced GRC professional looking for a new challenge, we encourage you to apply for this exciting opportunity. As a GRC specialist at The Walt Disney Company, you will have the chance to work with a talented team of professionals, develop your skills and expertise, and contribute to the success of our company. Don't miss out on this opportunity to join our team and be a part of the magic of Disney.
Apply Now