Staff Security Engineer

Year    Mumbai, Maharashtra, India

Job Description


Key Responsibilities:
Third Party Risk Management (TPRM) Program

  • Lead the Walt Disney Company’s (TWDC) global third-party risk strategy for carrying out cyber risk related due diligence assessments.
  • Validate incoming Third-party Assessment (TPA) requests, working with business stakeholders to confirm the details of each TPA request and the scope of the engagement.
  • Conduct kick-off sessions with the business stakeholders and associated third-party for conducting the TPA.
  • Coordinate the distribution of due diligence questionnaires to the third party, review submitted questionnaires for completeness and determine risks arising from the current design and operational effectiveness of the third party’s security controls.
  • Perform review and quality checks of the document responses, associated findings, and remediation plans in the TWDC systems.
  • Draft reports for the assessments conducted and ensure respective business stakeholders finalize reviews.
  • Act as a strong liaison, ensuring that queries from the business or third parties regarding the TPRM process and assessments are answered as required.
  • Perform continuous monitoring of the third parties through TWDC systems for existing/new findings and track any findings to closure.
  • Identify opportunities for improvement within the TWDC systems and processes.
  • Work closely with TPRM Specialists/Manager to schedule and execute a variety of other supporting activities related to the TPRM
Governance, Risk and Compliance
  • Lead/Support development of cybersecurity risk and compliance related processes to ensure treatment of cybersecurity risk in line with the organization’s risk appetite.
  • Maintain compliance against information security related policies and procedures through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments.
  • Lead/Support the efforts in development and delivery of compliance and risk training and ongoing communications that help drive culture of security and compliance.
  • Lead the efforts for the continual drive for enhanced efficiency in all risk and compliance processes.
  • Keep abreast of regulatory changes, new regulations, technologies, and internal policy changes in order to further identify new key risk areas.

Knowledge and Skills
  • Working knowledge of information security related best practices and standards such as ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements etc.
  • Experience in handling small-medium size teams.
  • Proven leadership skills.
  • Experience in the management of risk, controls, and compliance
  • Knowledge of risk assessment methodologies – qualitative/quantitative such as FAIR.
  • Excellent analytical and problem-solving skills
  • Excellent stakeholder management
Qualifications:
  • Relevant Bachelor’s/Master’s degree from an accredited university or equivalent experience.
  • 5-8+ years of experience across Third-Party Risk Management, Information Security and Audit & Compliance monitoring (Minimum of 3 years in TPRM).
  • Preferred experience with a large company and/or Big 4 accounting firm.
  • One or more credentials - CISA, CRISC, ISO27001 LA/LI, CISSP
Personal Attributes:
  • Strong interpersonal skills
  • Ability to navigate a fast-paced environment and be flexible with working hours
  • Outstanding communication skills, both verbal and written
  • Adapt quickly to changing situations and drive positive change


Job Detail

  • Job Id
    JD2869055
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Mumbai, Maharashtra, India
  • Education
    Not mentioned
  • Experience
    Year