Experienced Cybersecurity Governance, Risk, and Compliance Professional - Remote, Part/Full Time Opportunity with The Walt Disney Company

Introduction to The Walt Disney Company

The Walt Disney Company is a world-renowned entertainment and media conglomerate that has been enchanting audiences for nearly a century. With a diverse range of businesses, including film and television production, theme parks, resorts, and consumer products, Disney is a leader in the global entertainment industry. Our company is committed to creating innovative and engaging experiences for our guests and consumers, while also prioritizing the safety and security of our employees, customers, and intellectual property.

About the Role

We are seeking an experienced Cybersecurity Governance, Risk, and Compliance (GRC) professional to join our team. As a GRC specialist, you will play a critical role in guiding GRC-related activities and ensuring the smooth execution of various tasks within the team. Your expertise will be essential in supporting the Walt Disney Company's third-party/internal risk management software, managing internal security compliance requirements, and implementing regulations, tactics, and frameworks at Disney.

Key Responsibilities

• Third-party/internal risk management (TPRM) software management
• Assist in the development and implementation of the Walt Disney Company's global third-party/internal risk method for conducting cyber risk-related due diligence exams
• Validate incoming third-party/internal risk assessment requests and work with business stakeholders to confirm the details of the request and the scope of the engagement
• Conduct kick-off sessions with business stakeholders and related third-parties to perform the TPA
• Coordinate the distribution of due diligence questionnaires to internal stakeholders/third-parties, review submitted questionnaires for completeness, and identify risks arising from the current design and operational effectiveness of the internal/third-party's security controls
• File responses, associated findings, and remediation plans in the TWDC systems
• Draft/review reports for the checks performed and ensure respective business stakeholders finalize reviews
• Act as a strong liaison to ensure any queries are responded to regarding the risk control technique and evaluation to the business or third-parties as required
• Perform continuous monitoring of third-parties via TWDC systems for current/new findings and track any findings to closure
• Identify opportunities for improvement within the TWDC systems and strategies
• Work closely with the risk lead/supervisor to schedule and execute a range of different supporting activities related to the risk management program

Governance, Risk, and Compliance

In this role, you will also be responsible for leading and supporting the development of cybersecurity risk and compliance-related strategies to ensure the treatment of cybersecurity risk consistent with the company's risk appetite. Your duties will include:

• Maintaining and documenting compliance towards information security-related guidelines and processes through planning, testing, remediating, monitoring, and reporting on control reviews and risk assessments
• Leading the development and delivery of compliance and risk education and ongoing communications that support a culture of security and compliance
• Staying abreast of regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas
• Leading the efforts to maintain and guide ISO 27001 certification

Competencies and Attributes for Success

To be successful in this role, you will need to possess the following competencies and attributes:

• Outstanding stakeholder management skills
• Working understanding of information security-related best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and others
• Experience in the management of risk, controls, and compliance
• Knowledge of risk evaluation methodologies – qualitative/quantitative
• Superior analytical and problem-solving abilities
• Excellent presentation-making and delivery skills
• Strong interpersonal skills
• Ability to navigate rapid-paced environments and be flexible with working hours
• Fantastic communication skills, both verbal and written
• Ability to adapt quickly to changing conditions and drive high-quality change

Preferred Education and Experience

We are looking for candidates with the following preferred education and experience:

• Relevant Bachelor's/Master's degree from an accredited university or equivalent experience
• 4 years of experience in third-party risk management, information security, and audit & compliance monitoring (minimum of 2-3 years in TPRM/internal audit)
• Preferred experience with a large company and/or large four accounting firm
• One or more certifications - CISA, CRISC, ISO27001 L.I, CISSP
• Experience in AI/ML is a plus

Career Growth Opportunities and Learning Benefits

At The Walt Disney Company, we are committed to providing our employees with opportunities for growth and development. As a GRC specialist, you will have the chance to work with a talented team of professionals, develop your skills and expertise, and contribute to the success of our company. You will also have access to a range of training and development programs, including:

• Professional certification programs
• Leadership development programs
• Mentorship opportunities
• Cross-functional training and development programs

Work Environment and Company Culture

Our company culture is built on a foundation of creativity, innovation, and excellence. We are a dynamic and fast-paced organization that values diversity, inclusion, and respect for all employees. As a GRC specialist, you will be working in a collaborative and supportive environment, with a team of professionals who are passionate about their work and committed to delivering exceptional results.

Compensation, Perks, and Benefits

We offer a competitive salary and benefits package, including:

• Salary: $80,000 per year
• Comprehensive health and wellness programs
• Retirement savings plans
• Access to exclusive Disney perks and discounts

Conclusion

If you are a motivated and experienced GRC professional looking for a new challenge, we encourage you to apply for this exciting opportunity. As a GRC specialist at The Walt Disney Company, you will have the chance to work with a talented team of professionals, develop your skills and expertise, and contribute to the success of our company. Don't miss out on this opportunity to join our team and be a part of the magic of Disney.