The VP, Chief Information Security Officer will be responsible for building and maintaining the vision, strategy, and programs necessary to ensure information assets, technologies and data are adequately secured.
The Information Security group is responsible for the ongoing development and delivery of a comprehensive strategy for information security, privacy and technology risk management across Disney’s Direct to Consumer & International (DTCI) division to secure our global network, data and intellectual property against unauthorized use, disclosure or loss. This security program includes: partnering with corporate security to define and develop the Information Security strategy; risk tolerance thresholds for the DTCI organization; budgeting to support additional initiatives over and above the security implementation budgets that are owned by the company for effective management of information security risks to DTCI and Disney Media Networks; coordinating and communication with business segment IT security liaisons to ensure consistent protection practices throughout the enterprise; setting and implementing consistent standards for IT security operations and support.
The VP, Chief Information Security Officer position will represent DTCI in partnership with the Program Management team, on audits of all business, cloud and federated services, ensuring that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk commensurate with established risk thresholds.
Finally, The VP, Chief Information Security Officer position will be responsible for managing the DTCI's security organization, including hiring, training, talent development and performance management.
- Leads the development of DTCI Information Security Strategy; validates and confirms the strategy with appropriate stakeholders, and communicates it to appropriate stakeholders throughout DTCI and Media Networks Division. Monitors progress against the Information Security Strategy on regular basis
- Provides operational and engineering services, oversight of server- based compliance tools, and security operations center in support the enterprise security program
- Obtains input from Business Segments, Enterprise Technology, Corporate Security, Management Audit and other groups to design and develop the strategic direction for the operation of the relevant security tools. Accountable for periodically updating the operations strategy
- Establishes and monitors budget for implementation of the security operations function
- Establishes key Information Security reporting metrics related to operations
- Establishes, motivates and leads a high performance security operations team; attracts, recruits, and retains key members of the organization
- Develops and maintains event monitoring program.
- Recommends risk avoidance strategies, risk mitigation actions and controls to DTCI and Media Networks.
- Establishes and manages a formal process to create, review, and update TWDC Information Security Policies and Standards with various stakeholders including Corporate Security (physical security).
- Monitors changes in laws and regulations in coordination with legal that may affect TWDC Information Security
- Manages policy and standards exceptions processes.
- Tracks and reports on policy and standard exceptions.
- Consults, answers questions, and provides clarity to Business Segment security and IT on Information Security Policies and Standards.
- Minimum of 15-plus years of experience in management, including IT / Corporate Security / Information Security Management and at least 5 years at the executive level
- Deep experience with cloud platforms
- Familiarity with GDPR
- Proven Technical knowledge to enable efficient team management
- Proven understanding of information securityrisk assessment and risk management procedures and methodologies
- Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls
- Strong knowledge of industry and regulatory requirements (i.e., PCI, SOX, Safe Harbor)
- Require one of the following certification: CISSP, CISM, CISA or industry equivalent
- CISO experiencepreferred
- Bachelors degree or equivalent experience