What you'd actually do

Manage expansion and maturity of the following Disney Entertainment (DE) Information Security Office (ISO) services & programs within countries that include the South East Asia (e.g., Singapore, Indonesia, Thailand, Philippines), Australia, and India.

Security baseline and monitoring of business-critical products

Pervasive risk monitoring and reporting

Security champions program

Vendor risk management

Skills

Required

Information Technology
Risk Management
Information Security
Audit & Compliance
leadership experience
team management
oversight of direct reports
regulatory security frameworks
ISO standards
interpreting and assessing risk
information security related best practices and standards
ISO 2700x
SOC 2
NIST
PCI requirements
cloud infrastructure and security principles
risk assessments using industry recognized risk management methodologies

Nice to have

Master’s degree in computer science, information security, or a related technology discipline
Progress toward one or more industry-recognized certifications (e.g., CISA, CISM, CRISC, ISO 27001, CCSP, CISSP, Security+)
Proficient understanding of security and vulnerabil

Job Posting Title:

Manager - Information Security

Req ID:

10137492

Job Description:

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company (TWDC) is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

The Global Information Security (GIS) organization strives to secure the magic by employing best-in-class services to assess, prevent, detect, and respond to cyber threats that present risk to The Walt Disney Company. We enable the business by integrating enterprise and business segment-specific supported services to create a robust, efficient, and adaptable cybersecurity program. Our key objectives are to: • Secure the Magic by protecting information systems and platforms. • Reduce Risk by proactively assessing, preventing, and detecting to prevent harm to the Company and our Guests. • Strengthen the business through optimizing execution, application, and technology used to protect the Company. • Innovate by investing in core capabilities to enhance operational efficiency.

The DE Cyber Risk department consists of a global team of cast members, contingent workers, and contractors whose primary objective is to “Secure the Magic”. This objective is met by acting as a trusted partner with global technology teams and business partners to analyze, mitigate, and report upon security risks within their environments. We provide security advice and support to ensure security requirements are met and aligned with Disney Information Security Policies and Standards.

Our span of control includes assessing the risk and control design associated with third-parties, internal applications, new product deployments, and infrastructure changes to ensure systems are within risk tolerance. The department also maintains strong partnerships with other technical security teams such as security architecture, product security, and content protection within DE and the larger Global Information Security (GIS) department.

Responsibilities:

Manage expansion and maturity of the following Disney Entertainment (DE) Information Security Office (ISO) services & programs within countries that include the South East Asia (e.g., Singapore, Indonesia, Thailand, Philippines), Australia, and India.
Security baseline and monitoring of business-critical products
Pervasive risk monitoring and reporting
Security champions program
Vendor risk management
Risk assessments
Risk Acceptance
Security training and awareness
Partner with executive management, department leaders, and corporate services to seamlessly integrate security into existing processes, ensuring that business operations remain uninterrupted
Provide executive management and department leaders visibility into key risks impacted the region
Ensure alignment between information security strategies, and business objectives and roadmaps
Ensures programs are in compliance with corporate policies and standards, and other applicable laws & regulations.
Serve as subject matter expert to internal business and IT partners on corporate policies, applicable compliance standards (e.g., PCI, relevant privacy regulations, etc.) and industry-best practices (e.g. ITIL, COBIT, ISO 27001)
Build a strong understanding of the business environment to identify, mitigate, and remediate risk
Research, learn, and evaluate solutions to address complex problems
Stay current on market developments to identify emerging security technologies, risks and trends to ensure that computing environment keeps pace with security technology and risk landscape evolution
Identify and establish process improvements, automation and innovation opportunities to simplify, standardize and improve security services
Manage, prioritize, and proactively report on the status of assigned projects and/or team deliverables to impacted stakeholders
Through example and behavior, strive to provide leadership to direct reports and other team members with the goals of providing service excellence

Requirements:

Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or comparable field of study, and / or equivalent work experience
At least 7 years of experience in Information Technology
At least 5 years of experience in Risk Management, Information Security, or Audit & Compliance
At least 3 years of leadership experience, including team management and oversight of direct reports.
Hands-on experience with regulatory security frameworks, including ISO standards
Experience of interpreting and assessing risk based on information from numerous sources to form practical and operational realistic solutions
Working knowledge of information security related best practices and standards such as ISO 2700x, SOC 2, NIST, PCI requirements etc.
Working knowledge of cloud infrastructure and security principles
Knowledge of conducting risk assessments using industry recognized risk management methodologies
Progress toward one or more industry-recognized certifications (e.g., CISA, CISM, CRISC, ISO 27001, CCSP, CISSP, Security+)
Master’s degree in computer science, information security, or a related technology discipline
Proficient understanding of security and vulnerability detection tools, such as Tenable, Qualys, CrowdStrike, and Prisma
Demonstrated experience in large enterprise environments and/or within a Big 4 accounting firm

The Walt Disney Company is an Equal Opportunity Employer. We strive to be a diverse workforce that is representative of our audiences, and where all can thrive and belong. We are committed to building a team that includes and respects a variety of voices, identities, backgrounds, experiences and perspectives.

Job Posting Segment:

Enterprise Technology

Job Posting Primary Business:

Corporate Global Information Security

Primary Job Posting Category:

Security Governance

Employment Type:

Full time

Primary City, State, Region, Postal Code:

Singapore, Singapore

Alternate City, State, Region, Postal Code:

Date Posted:

2025-11-28