Security Specialist, Compliance

Job Posting Title: Security Specialist, ComplianceReq ID: 10116452Job Description:This is not a remote role. Must be local or be willing to relocate to one of the hubs (Burbank, NYC, Orlando or Seattle)Department DescriptionAt Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:Secure the Magic by protecting information systems and platforms.Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.Strengthen the business through optimizing execution, application, and technology used to protect the Company.Innovate by investing in core capabilities to enhance operational efficiency.Team Description:The GIS Compliance team oversees ongoing security programs to evaluate the health of TWDC’s control environment. These programs include external audits, internal control validation, third party assessments, and ongoing consulting. The department is responsible for understanding and interpreting regulated controls and assessment requirements (Payment Card Industry, SOX, General Data Protection Regulations, Third Party Assessment) for TWDC.Responsibilities of Role:Coordinate and conduct security compliance assessments, including scheduling, planning, and scoping.Evaluate security compliance with external requirements and internal policies and standards.Identify and validate key control attributes for testing.Conduct informational walkthroughs to clarify processes and architectures.Collect and verify artifacts to support the assessment of security controls and procedures.Proactively manage and follow up on all requests.Document assessment findings and recommendations to management, highlighting the effectiveness and efficiency of control mechanisms.Document assessment results and detailed control process narratives in workpapers.Communicate the elements of effective and sustainable control design to IT and business partners.Coordinate continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data reflecting the current state of the control environment for TWDC.Facilitate the collection of control attestations and questionnaires for targeted controls and systems.Manage inventories and track remediation efforts and compensating controls.Stay informed about compliance and assessment trends within TWDC, at suppliers, and from legislators and regulatory bodies.Must Haves (Years of Experience, languages, programs, tools, etc.):3 years of IT audit, or IT security and/or compliance experienceExperience with audits/assessments in complex environmentsExperience interpreting and auditing external security regulationsWorking knowledge of common IT security frameworksAbility to grasp underlying technology stacks and document end-to-end service delivery flowsGood organizational, analytical, and problem-solving skills - balancing multiple priorities under tight deadlinesExcellent written, verbal, and visual communication for partners (internal & external) in all roles and levelsNice To Haves (see above):Prior experience working within a global media, entertainment organization or fortune 100 companySecurity certification (CISSP, CISA, GSEC) or comparable certificationEducation:Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience#DISNEYTECH The hiring range for this position in Burbank CA is $95,300.00-$120,000.00 per year. and in New York NY & Seattle WA is $95,300.00-$127,800.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.Job Posting Segment: Enterprise TechnologyJob Posting Primary Business: Corporate Global Information SecurityPrimary Job Posting Category: Security GovernanceEmployment Type: Full timePrimary City, State, Region, Postal Code: Burbank, CA, USAAlternate City, State, Region, Postal Code: USA - FL - Kirkman Point 1, USA - NY - 7 Hudson Square, USA - WA - 925 4th AveDate Posted: 2025-04-08 Apply for the job now! Apply for this job