IAM Security & Governance Senior Specialist

Department Description

At Disney, we’re storytellers. We make the impossible, possible. The Walt Disney Company is a world-class entertainment and technological leader. Walt’s passion was to continuously envision new ways to move audiences around the world—a passion that remains our touchstone in an enterprise that stretches from theme parks, resorts and a cruise line to sports, news, movies and a variety of other businesses. Uniting each endeavor is a commitment to creating and delivering unforgettable experiences — and we’re constantly looking for new ways to enhance these exciting experiences.

The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

Team Description:

The Identity and Access Management organization within Enterprise Technology supports all enterprise-level IAM services end-to-end. This includes IAM service management, governance, security, compliance, operations, engineering, architecture, organization change management, demand management, and release management. This organization is accountable and instrumental in reducing identity-related risks, mitigating threats, and advancing IAM mature services. Its mission is to enable secure, appropriate access for any identity from any device, any location, to any service, for the right business outcome. The IAM team provides positive user experiences through platform modernization, and security and operational excellence for workforce identities across The Walt Disney Company (TWDC).

Responsibilities of Role:

As the IAM Security & Governance Sr. Specialist, you will play a critical role in ensuring the compliance and audit readiness of our Identity & Access Management (IAM) services. You will be responsible for interpreting and coordinating responses to internal policies, regulatory requirements (e.g., SOX, PCI, BaFin), and audit activities impacting IAM.

You will work cross-functionally with IAM Governance Leads, IAM Engineering Teams, IAM Service Leads, Compliance Teams and Internal and External Audit teams to define and track remediation plans, support audit cycles, and promote consistent adherence to security and regulatory standards.

IAM Compliance Oversight

• Identify relevant internal and regulatory compliance requirements (SOX, PCI, GDPR, etc.) for IAM services.

• Monitor executive-level compliance metrics (e.g., Security Scorecard) to proactively identify and drive remediation of IAM-related compliance risks.

• Define and coordinate the implementation of solutions to address identified compliance gaps.

• Monitor ongoing compliance status and maintain accurate documentation for audits and governance reviews.

Audit & Evidence Management

• Drive and coordinate internal and external audits, partnering with control owners to ensure timely and complete evidence collection and response.

• Maintain a centralized repository of audit artifacts to support consistent and efficient audit readiness.

• Support audit remediation efforts by ensuring IAM risks, and control gaps are documented and addressed in collaboration with stakeholders.

• Serve as a subject matter liaison for IAM systems during audits, ensuring alignment with applicable standards.

• Assist with third-party audit support and SOC-related collection efforts.

Security Assessments & Risk Activities

• Enroll IAM systems in Risk Assessments, Information Security Attestations (ISAs), Technical Security Assessments, Third Party Assessments and other risk reviews.

• Track and coordinate the remediation of findings from assessments and audits, ensuring timely resolution.

• Maintain and update Archer for IAM-related risks and escalate risks as needed.

Policy & Controls Coordination

• Support the development and ongoing maintenance of IAM compliance procedures and control documentation.

• Identify opportunities to implement or improve automated compliance controls and continuous monitoring capabilities.

Collaboration & Stakeholder Engagement

• Work closely with IAM Governance Leads, IAM Engineering Teams, Service Leads, Legal/Compliance stakeholders, Internal Audit, and Information Security Officers (ISOs).

• Communicate audit findings, risk themes, and control updates across stakeholder groups clearly and consistently.

Awareness & Reporting

• Assist in training and awareness efforts to educate IAM teams on compliance requirements and best practices.

• Prepare status reports, dashboards, and summaries of audit/compliance activities for leadership and stakeholders.

• Monitor and report on compliance trends, risks, and opportunities for IAM process improvement.

• Escalate unresolved risks, critical gaps, or delays in remediation to IAM and organizational leadership when necessary to drive accountability and progress.

Must Haves:

• Minimum of 5 years of experience in IAM compliance, audit coordination, or risk management in enterprise environments.

• Solid understanding of IAM technologies (e.g., Active Directory, Okta, SailPoint), public/private cloud environments, middleware platforms, and IAM-related controls.

• Experience supporting SOX, PCI, SOC, or other regulatory frameworks.

• Proven ability to coordinate across engineering, audit, and compliance teams to drive issue resolution.

• Strong organizational, documentation, and communication skills.

Nice To Have:

• Familiarity with cloud security and hybrid infrastructure environments.

• Experience using risk management or GRC platforms (e.g., Archer).

• Knowledge of audit and risk frameworks such as NIST CSF, ISO 27001, COBIT.

• Relevant certifications (e.g., CISA, CISM, CRISC, or similar) are a plus.

Education:

Bachelor’s degree in Computer Science, Information Systems, Software, Electrical or Electronics Engineering, or comparable field of study, and/or equivalent work experience

#DISNEYTECH

The hiring range for this position in Burbank, CA is $114,900 - $154,100 per year and in Seattle, WA is $120,300 - $161,300 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job-related knowledge, skills, and experience among other factors. A bonus and/or long-term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.