---

---

Location

Burbank, CA | United States

---

Job description

Job Summary:

Job Summary:

Disney Entertainment + ESPN encompasses the teams leading the Disney+, Hulu, ESPN+, and Star+ streaming services within Disney Entertainment. We sit at the intersection between entertainment, sports, and technology and seek to connect viewers with the stories they love, while driving the streaming industry forward with consumer-first innovation. The VP Information Security, Disney Entertainment + ESPN provides the direction and strategy for protecting the confidentiality and integrity of TWDC streaming systems and related infrastructure ensuring that a comprehensive cybersecurity program is effectively managed by leveraging industry best practices to protect and prevent cyber threats based upon business criticality.  

Responsibilities:

• Designs, builds and implements a Disney Entertainment + ESPN information security management program in accordance with TWDC Information Security Policies & Standards and in alignment with Disney Entertainment + ESPN business priorities 

• Provides strategic leadership of Disney Entertainment + ESPN information security program, coordinating information security standards and compliance across all Disney Entertainment + ESPN segments 

• Provides clear, concise metrics, analytics and reporting of Disney Entertainment + ESPN risk posture to executive stakeholders 

• Serves as the strategic information security risk advisor to the Disney Entertainment + ESPN CTO and other key Disney Entertainment + ESPN technical and business leaders 

• Evaluates Disney Entertainment + ESPN information security risk in accordance with TWDC’s enterprise-wide information security strategy to develop an annual information security management plan specific to Disney Entertainment + ESPN 

• Establishes key performance indicators and proactively reports to Disney Entertainment + ESPN executive stakeholders on performance of information security activities and metrics, and related risk posture 

• Maintains Disney Entertainment + ESPN information security management program in accordance with Disney enterprise and Media & Entertainment industry requirements 

• Ensures Disney Entertainment + ESPN information security program is integrated with Disney Entertainment + ESPN IT system planning, development and acquisition lifecycle 

• Leads Disney Entertainment + ESPN information security-related workflow mapping and related policy and procedural documentation management  

• Monitors and ensure compliance with Disney Entertainment + ESPN information security program by employees, non-employees and third parties 

• Ensures individual accountable for controls are implementing, testing and remediation any control failures effectively 

• Leads Disney Entertainment + ESPN change management, vulnerability management, application security and cloud platform security activities in close collaboration with enterprise security teams, ensuring clear and measurable security requirements are available and a clear assessment methodology is in place to allow consistent compliance verification for across all environments  

• Manages Disney Entertainment + ESPN information security staff in a direct and matrix team structure, and provides leadership to support complex and ever-evolving operational requirements 

• Represents the Disney Entertainment + ESPN organization’s security compliance interests in all matters:  with partners, suppliers, and industry associations to ensure the bi-directional flow of technical information and best practices in the area of information security 

• Regularly evaluates, reviews and reports on the effectiveness of Disney Entertainment + ESPN information security management program 

• As a key member of the TWDC Information Security Executive Leadership Team 

• Leads Disney Entertainment + ESPN internal and third-party assessment programs, ensuring that the level of effort for each assessment is commensurate with the sensitivity of information and/or content to be shared 

• Provides expert-level analysis of alternatives, design and implementation plans, and recommendations supported by strong research skills and provided through strong communication skills 

• Supervises and reviews updates to information security policies, architecture, standards, and/or other technical documents 

• Stays abreast of latest industry developments in information security 

• Drives innovation of security programs and underlying process and solutions to stay ahead of the threat landscape 

Basic Qualifications

• 15+ years of relevant experience in information security or directly related field 

• Proven ability to manage and facilitate annual operating budget and strategic planning 

• Demonstrated ability to manage the day-to-day tasks of diverse teams, while effectively influencing senior management on key decisions and direction 

• Proven ability to inspire, motivate and lead a team to produce quality work in the development of solutions 

• Demonstrated inclusive leadership that embraces diversity 

• Demonstrated ability to connect and influence others in order to achieve organizational priorities 

• Proven ability to successfully operate in a highly-matrixed organizational system where partnership and influence are key drivers of success 

• Demonstrated experience leading large organization-wide security initiatives 

• Demonstrated ability to develop teams and mentor staff 

• Demonstrated ability to develop geographically and otherwise diverse highly technical teams 

• Ability to communicate effectively to executive leadership in both business and technology roles 

• Demonstrated exceptional critical thinking, strategic planning, and process management skills 

• Proven results in delivering creative and innovative business and technology solutions 

• Excellent written and verbal communication skills 

• Excellent presentation and group dynamics skills 

• Strong familiarity with information security, risk management, and IT governance standards and frameworks (e.g., NIST 800-53, ISO 27000, ISO 31000, etc.) 

• Experience in formal risk assessment and risk management practices 

• Experience with vulnerability analysis processes and best practices 

• Experience managing third-party risk, business continuity risk, and IT operational risk 

• Experience establishing and managing control inventories and performing effectiveness reviews 

• Experience in Media and Entertainment or related companies 

• Proven executive leadership within a complex organization holding a high-profile global brand 

• Demonstrated excellence in client/partner relationship management with senior executives 

• Excellent orientation to both the details and the bigger picture 

• Solid business acumen with a high level of integrity and dependability 

• Proactive at finding solutions to complex problems 

• Action-oriented with high standard for quality and performance 

Required Education:

• Bachelor’s degree or equivalent required; STEM degree strong preferred 

Preferred Education:

• Advance degree is a plus; STEM degree strongly preferred 

The hiring range for this position in California is $241,500.00-$323,900.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.

---

Job tags

---

---

Salary