The Enterprise Technology mission is to deliver technology solutions that align to business strategies while enabling enterprise efficiency and promoting cross-company collaborative innovation. Our group drives competitive advantage by enhancing our consumer experiences, enabling business growth, and advancing operational excellence.

• Manage expansion and maturity of the following Disney Entertainment (DE) Information Security Office (ISO) services & programs within the East Asian region, inclusive of Korea, Japan, and China. • Security baseline and monitoring of business-critical products • Pervasive risk monitoring and reporting • Security champions program • Vendor risk management • Risk assessments • Risk Acceptance • Security training and awareness • Partner with executive management, department leaders, and corporate services to seamlessly integrate security into existing processes, ensuring that business operations remain uninterrupted • Provide executive management and department leaders visibility into key risks impacted the region • Ensure alignment between information security strategies, and business objectives and roadmaps • Ensures programs are in compliance with corporate policies and standards, and other applicable laws & regulations. Specific responsibilities related to K-ISMS include: • Lead the implementation, maintenance, and surveillance of K-ISMS certification, ensuring compliance with Korean regulatory standards • Act as the primary liaison with regulators, auditors, and external assessors in Korea • Partner with the global Privacy / Legal team to ensure alignment on privacy-related risks and integration of privacy considerations into security controls. • Serve as subject matter expert to internal business and IT partners on corporate policies, applicable compliance standards (e.g. K-ISMS, PCI, relevant privacy regulations, etc.) and industry-best practices (e.g. ITIL, COBIT, ISO 27001) • Build a strong understanding of the business environment to identify, mitigate, and remediate risk • Research, learn, and evaluate solutions to address complex problems • Stay current on market developments to identify emerging security technologies, risks and trends to ensure that computing environment keeps pace with security technology and risk landscape evolution • Identify and establish process improvements, automation and innovation opportunities to simplify, standardize and improve security services • Manage, prioritize, and proactively report on the status of assigned projects and/or team deliverables to impacted stakeholders • Through example and behavior, strive to provide leadership to direct reports and other team members with the goals of providing service excellence

• At least 7 years of experience in Information Technology • At least 5 years of experience in Risk Management, Information Security, or Audit & Compliance • At least 3 years of leadership experience, including team management and oversight of direct reports. • Strong experience with K-ISMS certification lifecycle (implementation, assessment, remediation, surveillance) • Bilingual proficiency: Korean (native or fluent) and English (business fluent), both written and spoken • Experience of interpreting and assessing risk based on information from numerous sources to form practical and operational realistic solutions • Working knowledge of information security related best practices and standards such as ISO 2700x, SOC 2, NIST, PCI requirements etc. • Working knowledge of cloud infrastructure and security principles • Knowledge of conducting risk assessments using industry recognized risk management methodologies • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or comparable field of study, and / or equivalent work experience

• Progress toward one or more industry-recognized certifications (e.g., CISA, CISM, CRISC, ISO 27001, CCSP, CISSP, Security+) • Master’s degree in computer science, information security, or a related technology discipline • Proficient understanding of security and vulnerability detection tools, such as Tenable, Qualys, CrowdStrike, and Prisma • Demonstrated experience in large enterprise environments and/or within a Big 4 accounting firm • Hands-on experience with regulatory security frameworks, including ISO standards • Familiarity with privacy principles and regulations (e.g., Korean PIPA), with the ability to collaborate effectively with Privacy and Legal teams • Privacy certifications (such as CIPP/A, CIPM)

For more details, please refer to the company website.