FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Executive Director, Info Security
The Walt Disney CompanyExecutive Director of InfoSec Governance, Risk & Compliance at Disney, transforming GRC programs for strategic business enablement and operational excellence.
Posted 5/30/2026full-timeSeattle • California, Florida, New York, Washington • 🇺🇸 United StatesLead💰 $197,500 - $291,500 per yearWebsite
ATS Keywords
Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills
cybersecuritytechnology risktechnology compliancerisk managementgovernancecompliancerisk quantificationsecurity audit methodologiescontrols testingcloud security architecture
Soft Skills
leadershipexecutive presencecommunicationtrust buildingrisk awarenessdecision-makingculture shift advocacystrategic thinkingcollaborationtranslating technical concepts
Tools & Technologies
ArcherSailPointServiceNow GRCcloud-native environmentsIaaSPaaSSaaSthreat intelligencevulnerability managementthird-party risk management
Certifications & Qualifications
NIST CSFNIST 800-53ISO/IEC 27001PCI DSS 4.0SOX ITGCGDPR
Industry Keywords
GRC programrisk-driven operating modelsregulatory audit managementautomated enforcementaudit alignmentrisk tolerance frameworkscybersecurity risk registerexecutive risk reportingFAIRDevSecOps
Tech Stack
Tools & technologiesAWSAzureCloudCyber SecurityGoogle Cloud PlatformServiceNow
About the role
Key responsibilities & impact- Transform GRC at Disney
- Drive continuous evolution of Disney’s InfoSec GRC program, replacing compliance-centric, checkbox-driven operations with a dynamic, risk-intelligence-led model that directly informs how Disney prioritizes investment, staffing, and remediation.
- Define what “great” looks like, not by referencing existing standards but by advancing them.
- Develop novel approaches to risk quantification, compliance automation, and governance integration.
- Partner with GIS Leadership and Segment CTO teams to ensure the GRC program functions as a strategic business enabler, translating complex risk landscapes into executive- and board-ready insights that drive confident decision-making.
- Champion a culture shift across all of GIS and the broader enterprise: risk awareness is everyone’s job, and GRC’s role is to make risk-informed thinking intuitive, not burdensome.
- Oversee the development and ongoing operations of Disney’s comprehensive InfoSec Risk Management program, including the establishment, implementation, and continuous improvement of the enterprise Risk Management Framework.
- Establish and operationalize risk tolerance frameworks in partnership with executive leadership, defining clear thresholds that translate business appetite into actionable security investment and prioritization decisions.
- Build and mature a cybersecurity risk register that serves as the authoritative source of truth for Disney’s threat and control posture, dynamically integrated with threat intelligence, vulnerability management, and third-party risk inputs.
- Drive risk-based prioritization across all InfoSec operational functions (engineering, red team, SOC, cloud security, etc.) - ensuring that every team’s roadmap is anchored in defensible risk reduction rationale, not reactive urgency.
- Develop executive and board-level risk reporting that is clear, credible, and decision-ready; ensure Disney’s risk narrative is consistent from the CISO to the Audit Committee.
- Lead efforts to quantify InfoSec risk in financial terms (FAIR or equivalent), enabling direct comparison of security investment across Disney’s ubiquitous businesses and against measurable risk reduction outcomes.
- Lead a third-party and supply chain risk intelligence capability that goes beyond questionnaire-based assessments by integrating continuous external attack surface monitoring, threat intelligence on vendor compromise activity, and contractual control requirements into a unified third-party risk posture.
- Oversee the development, maintenance, and lifecycle management of enterprise-wide Information Security policies, standards, and guidelines, ensuring they are risk-based, clear, and aligned to business realities (not just regulatory checklists).
Requirements
What you’ll need- 12+ years of progressive experience in cybersecurity, technology risk, or technology compliance, with a minimum of 3 years in leadership roles overseeing GRC functions at enterprise scale.
- Demonstrated track record of building and transforming GRC programs, moving organizations to risk-driven operating models.
- Deep expertise across the full GRC spectrum: risk management (frameworks, quantification, reporting), governance (policy lifecycle, automated enforcement, metrics), and compliance (regulatory audit management, controls assurance, overall audit alignment).
- Extensive knowledge of information security risk, governance, and control frameworks: NIST CSF, NIST 800-53, ISO/IEC 27001, PCI DSS 4.0, SOX ITGC, GDPR.
- Proven executive presence: ability to command a room, build trust with senior leadership, and translate highly technical risk concepts into clear business language.
- Strong experience in risk quantification methodologies (FAIR or equivalent) and experience driving financial-terms risk reporting for executive audiences.
- Expert-level understanding of security audit methodologies, controls testing, and assurance processes across both IT general controls (ITGCs) and automated application controls.
- Hands-on familiarity with implementing and operating GRC tooling and platforms (Archer, SailPoint, ServiceNow GRC, or equivalent).
- Solid understanding of cloud security architecture and the compliance implications of cloud-native environments (IaaS, PaaS, SaaS) across major providers (AWS, Azure, GCP).
- Familiarity with DevSecOps practices and the integration of security governance and compliance controls into software development and infrastructure deployment pipelines.
Benefits
Comp & perks- A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.