Executive Director, Info Security

Executive Director, Info Security at Disney leads a high-impact GRC organization within GIS, driving a risk-driven, automation-enabled information security program. You will oversee risk management, governance, and compliance across multiple regulatory frameworks, develop and operationalize a risk-quantification framework (FAIR or equivalent), and translate risk insights into executive- and board-ready decisions. Responsibilities include establishing enterprise risk management practices, building and maturing risk registers, driving policy governance and automated enforcement, and leading a ~40+ person team across Governance, Compliance, and Risk Management. You will partner with GIS leadership to align security strategy with business objectives, drive cross-functional collaboration, and oversee regulatory programs (SOX, PCI DSS, GDPR, ISO 27001, etc.), while stewarding a culture of risk awareness and continuous improvement. Desired competencies include executive presence, strong communication to senior leadership, experience with GRC tooling (Archer, SailPoint, ServiceNow GRC), cloud security fundamentals, DevSecOps integration, and heavy emphasis on risk quantification, reporting, and governance design.