Security Specialist, Third-Party Risk Management

At Disney, we’re storytellers. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Our commitment is to create and deliver unforgettable experiences. The Enterprise Technology mission is to deliver technology solutions that align with business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. The Global Information Security (GIS) organisation strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company.

The GIS Compliance team oversees ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third-party assessments, and ongoing consulting. The department is responsible for understanding and interpreting regulated controls and assessment requirements for TWDC.

Responsibilities of Role:

• Coordinate and conduct security compliance assessments, including scheduling, planning, and scoping.
• Evaluate security compliance with external requirements and internal policies and standards.
• Identify and validate key control attributes for testing.
• Conduct informational walkthroughs to clarify processes and architectures.
• Collect and verify artifacts to support the assessment of security controls and procedures.
• Proactively manage and follow up on all requests.
• Document assessment findings and recommendations to management, highlighting the effectiveness and efficiency of control mechanisms.
• Document assessment results and detailed control process narratives in workpapers.
• Communicate the elements of effective and sustainable control design to IT and business partners.
• Coordinate continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data reflecting the current state of the control environment for TWDC.
• Facilitate the collection of control attestations and questionnaires for targeted controls and systems.
• Manage inventories and track remediation efforts and compensating controls.
• Stay informed about compliance and assessment trends within TWDC, at suppliers, and from legislators and regulatory bodies.

Must Haves:

• Minimum 3 years of IT audit, or IT security and/or compliance experience.
• Must have 3+ years Third-Party Risk Management experience.
• Experience with audits/assessments in complex environments.
• Experience interpreting and auditing external security regulations.
• Working knowledge of common IT security frameworks.
• Ability to grasp underlying technology stacks and document end-to-end service delivery flows.
• Good organizational, analytical, and problem-solving skills - balancing multiple priorities under tight deadlines.
• Excellent written, verbal, and visual communication for partners (internal & external) in all roles and levels.

Nice To Haves:

• Prior experience working within a global media, entertainment organization or fortune 100 company.
• Security certification (CISSP, CISA, GSEC) or comparable certification.

Education:

• Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience.