Manager, Information Security

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

FOR GIS ONLY. DELETE IF NOT GIS.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to:

• Secure the Magic by protecting information systems and platforms.

• Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests.

• Strengthen the business through optimizing execution, application, and technology used to protect the Company.

• Innovate by investing in core capabilities to enhance operational efficiency.

Team Description:

The DE Cyber Risk department consists of a global team of cast members, contingent workers, and contractors whose primary objective is to “Secure the Magic”. This objective is met by acting as a trusted partner with global technology teams and business partners to analyze, mitigate, and report upon security risks within their environments. We provide security advice and support to ensure security requirements are met and aligned with Disney Information Security Policies and Standards.  

Our span of control includes assessing the risk and control design associated with third-parties, internal applications, new product deployments, and infrastructure changes to ensure systems are within risk tolerance. The department also maintains strong partnerships with other technical security teams such as security architecture, product security, and content protection within DE and the larger Global Information Security (GIS) department.

Responsibilities of Role:

• Manage expansion and maturity of the following Disney Entertainment (DE) Information Security Office (ISO) services & programs within the East Asian region, inclusive of Korea, Japan, and China.

  • Security baseline and monitoring of business-critical products

  • Pervasive risk monitoring and reporting

  • Security champions program

  • Vendor risk management

  • Risk assessments

  • Risk Acceptance

  • Security training and awareness

• Partner with executive management, department leaders, and corporate services to seamlessly integrate security into existing processes, ensuring that business operations remain uninterrupted

• Provide executive management and department leaders visibility into key risks impacted the region

• Ensure alignment between information security strategies, and business objectives and roadmaps

• Ensures programs are in compliance with corporate policies and standards, and other applicable laws & regulations. Specific responsibilities related to K-ISMS include:

  • Lead the implementation, maintenance, and surveillance of K-ISMS certification, ensuring compliance with Korean regulatory standards

  • Act as the primary liaison with regulators, auditors, and external assessors in Korea

  • Partner with the global Privacy / Legal team to ensure alignment on privacy-related risks and integration of privacy considerations into security controls.

• Serve as subject matter expert to internal business and IT partners on corporate policies, applicable compliance standards (e.g. K-ISMS, PCI, relevant privacy regulations, etc.) and industry-best practices (e.g. ITIL, COBIT, ISO 27001)

• Build a strong understanding of the business environment to identify, mitigate, and remediate risk

• Research, learn, and evaluate solutions to address complex problems

• Stay current on market developments to identify emerging security technologies, risks and trends to ensure that computing environment keeps pace with security technology and risk landscape evolution

• Identify and establish process improvements, automation and innovation opportunities to simplify, standardize and improve security services

• Manage, prioritize, and proactively report on the status of assigned projects and/or team deliverables to impacted stakeholders

• Through example and behavior, strive to provide leadership to direct reports and other team members with the goals of providing service excellence

Must Haves:

• At least 7 years of experience in Information Technology

• At least 5 years of experience in Risk Management, Information Security, or Audit & Compliance

• At least 3 years of leadership experience, including team management and oversight of direct reports.

• Strong experience with K-ISMS certification lifecycle (implementation, assessment, remediation, surveillance)

• Bilingual proficiency: Korean (native or fluent) and English (business fluent), both written and spoken

• Experience of interpreting and assessing risk based on information from numerous sources to form practical and operational realistic solutions

• Working knowledge of information security related best practices and standards such as ISO 2700x, SOC 2, NIST, PCI requirements etc.

• Working knowledge of cloud infrastructure and security principles

• Knowledge of conducting risk assessments using industry recognized risk management methodologies

Nice To Haves:

• Progress toward one or more industry-recognized certifications (e.g., CISA, CISM, CRISC, ISO 27001, CCSP, CISSP, Security+)

• Master’s degree in computer science, information security, or a related technology discipline

• Proficient understanding of security and vulnerability detection tools, such as Tenable, Qualys, CrowdStrike, and Prisma

• Demonstrated experience in large enterprise environments and/or within a Big 4 accounting firm

• Hands-on experience with regulatory security frameworks, including ISO standards

• Familiarity with privacy principles and regulations (e.g., Korean PIPA), with the ability to collaborate effectively with Privacy and Legal teams

• Privacy certifications (such as CIPP/A, CIPM)

Education:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or comparable field of study, and / or equivalent work experience

The Walt Disney Company is an Equal Opportunity Employer. We strive to be a diverse workforce that is representative of our audiences, and where all can thrive and belong. We are committed to building a team that includes and respects a variety of voices, identities, backgrounds, experiences and perspectives.

The Walt Disney Company is an Equal Opportunity Employer. We strive to be a diverse workforce that is representative of our audiences, and where all can thrive and belong. We are committed to building a team that includes and respects a variety of voices, identities, backgrounds, experiences and perspectives.