Experienced GRC Professional for Disney's Cybersecurity Team - Remote (Part/Full Time) Opportunity with Competitive Salary

Remote, USA Full-time Posted 2025-11-03

Join the Magical World of Disney as a Cybersecurity GRC Expert

Are you a seasoned GRC (Governance, Risk, and Compliance) professional with a passion for cybersecurity? Do you have a knack for guiding GRC-related activities and ensuring seamless execution of various tasks? The Walt Disney Company is seeking an experienced GRC professional to join their cybersecurity team as a remote (part/full-time) employee, with a competitive salary of $80,000 per year.

About the Cybersecurity Team at Disney

The Cybersecurity Team at Disney is comprised of green cybersecurity specialists who formulate and implement strategies and recommendations to help the organization align with its business goals while managing risks effectively and meeting industry guidelines and standards. The team works on cutting-edge technology and toward new innovations in the area of cybersecurity to ensure the magic of Disney remains secure.

Key Responsibilities

  • Assist with The Walt Disney Company's (TWDC) global third-party/internal risk method for carrying out cyber risk-related due diligence examinations.
  • Validate incoming third-party/internal risk assessment requests, working with business stakeholders to confirm the details of the request and the scope of the engagement.
  • Conduct kick-off sessions with business stakeholders and any related third-party for conducting the Third-Party Risk Management (TPRM) assessment.
  • Coordinate the distribution of due diligence questionnaires to internal stakeholders/third-party, review submitted questionnaires for completeness, and determine risks arising from the current design and operational effectiveness of the internal/third-party's security controls.
  • Document responses, associated findings, and remediation plans in TWDC systems.
  • Draft/review reports for the checks performed and ensure respective business stakeholders finalize reviews.
  • Act as a strong liaison, ensuring that any queries from the business or third parties about the risk management technique and evaluation are addressed as required.
  • Perform continuous tracking of third parties via TWDC systems for current/new findings and track any findings to closure.
  • Identify opportunities for improvement within TWDC systems and strategies.
  • Work closely with Risk Lead/Manager to schedule and execute a range of different assisting activities related to the risk management program.

Governance, Risk, and Compliance Responsibilities

  • Lead and assist in the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with the company's risk appetite.
  • Maintain and document compliance towards information security-related guidelines and processes through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments.
  • Lead development and delivery of compliance and risk education and ongoing communications that help drive a culture of security and compliance.
  • Stay abreast of regulatory changes, new guidelines, technology, and internal policy changes to further identify new key risk areas.
  • Lead activities to maintain and support the ISO 27001 standard.

Essential Qualifications and Skills

To be successful in this role, you should possess:

  • Outstanding stakeholder management skills.
  • A working understanding of information security-related best practices and standards, including ISO 2700x, SOC 2 requirements, SSAE 16/18 standards, and others.
  • Experience in the management of risk, controls, and compliance.
  • Knowledge of risk assessment methodologies - qualitative/quantitative.
  • Strong analytical and problem-solving abilities.
  • Strong presentation-making and delivery abilities.

Personal Attributes

  • Robust interpersonal skills.
  • Ability to navigate a fast-paced environment and be flexible with working hours.
  • Excellent communication skills, both verbal and written.
  • Ability to adapt quickly to changing conditions and drive positive change.

Preferred Qualifications and Experience

The ideal candidate should have:

  • A relevant Bachelor's/Master's degree from an accredited university or equivalent experience.
  • 4 years of experience across third-party risk management, information security, and audit & compliance tracking (minimum of 2-3 years in TPRM/internal audit).
  • Preferred experience with a large company and/or Big Four accounting firm.
  • One or more credentials - CISA, CRISC, ISO27001 L/LI, CISSP.
  • Experience in AI/ML is a plus.

Career Growth Opportunities and Learning Benefits

As a GRC professional at Disney, you will have the opportunity to work with a talented team of cybersecurity experts and contribute to the development of innovative cybersecurity strategies. You will also have access to ongoing training and development programs to enhance your skills and knowledge in GRC and cybersecurity.

Work Environment and Company Culture

As a remote employee, you will have the flexibility to work from anywhere, at any time, as long as you have a stable internet connection. Disney is committed to creating a culture of inclusivity, diversity, and respect, where employees can thrive and grow.

Compensation, Perks, and Benefits

Disney offers a competitive salary of $80,000 per year, along with a comprehensive benefits package that includes health insurance, retirement savings, and paid time off. You will also have access to exclusive Disney perks, such as theme park tickets and merchandise discounts.

Why Join Disney?

Disney is a world-renowned brand that is synonymous with magic, innovation, and excellence. By joining the Disney team, you will become part of a legacy that has been entertaining and inspiring audiences for generations. You will have the opportunity to work on exciting projects, collaborate with talented colleagues, and make a meaningful contribution to the company's continued success.

How to Apply

If you are a motivated and experienced GRC professional looking for a challenging and rewarding role, we encourage you to apply for this exciting opportunity. Please submit your resume and a cover letter outlining your relevant experience and qualifications.

To prepare for your application, consider the following common interview questions and answers:

  • Tell me about yourself: Provide a brief summary of your professional background, capabilities, and experiences. Focus on relevant information and your enthusiasm for the role.
  • Why do you want to work for this organization?: Discuss the company's values, mission, or reputation that align with your career goals. Mention specific aspects of the company that attracted you.
  • What is your greatest strength?: Highlight a relevant strength, such as problem-solving, leadership, or a technical skill. Support your answer with an example.
  • What is your greatest weakness?: Discuss a weakness, but emphasize how you're working to improve it.

We look forward to receiving your application!
