Principal Compliance Analyst

The Walt Disney Company, Bristol, CT
Onsite

About The Position

The Principal Compliance Analyst role is within Disney Entertainment and ESPN Product & Technology's Business Operations team. This team is responsible for guiding technology strategy and research, and for managing the day-to-day operations of the Product & Technology organization, including project and portfolio management, resource allocation, process management, and technical incident management.

The P&T organization is currently supporting a multi-year GIS initiative aligned with the NIST Cybersecurity Framework (CSF) to enhance operational resilience, mitigate enterprise risk, and demonstrate measurable security maturity to stakeholders, regulators, and external customers. This position is crucial for governing and orchestrating the delivery of all NIST-aligned initiatives across the enterprise security roadmap.

The role is designated as a project hire (employee) due to the sensitive nature of the work, which involves access to confidential security architecture, control weaknesses, internal audit findings, risk assessments, and remediation strategies that directly impact the organization's security posture.

The NIST Principal Compliance Analyst will serve as the central execution authority for the NIST program, ensuring that all framework-aligned initiatives proceed with clear governance, measurable outcomes, and transparent reporting to senior leadership. The program operates on a framework-driven model, emphasizing measurable security maturity and transparent governance: every initiative is mapped to a NIST CSF function (Identify, Protect, Detect, Respond, Recover), progress is quantified, governance is visible, and collaboration spans the enterprise.

Requirements

  • 10+ years in enterprise security, security architecture, risk management, or security program leadership, or equivalent program leadership experience.
  • Experience leading large-scale security or related transformation programs.
  • Familiarity with operating security programs aligned to NIST, ISO 27001, PCI DSS, or SOX.
  • Experience coordinating cross-functional engineering, technical, data, and/or security initiatives within complex enterprise, technical, or service environments.
  • Bachelor’s degree required.
  • Enterprise program leadership.
  • Matrix leadership across engineering teams.
  • Strategic planning and operational execution.
  • Security framework interpretation and implementation.
  • Executive communication and influence.
  • Data-driven program reporting.

Responsibilities

  • Serve as enterprise program leader responsible for execution of the NIST CSF roadmap.
  • Establish the governance model for NIST initiatives including initiative ownership, accountability, and reporting cadence.
  • Coordinate program execution across security engineering, infrastructure teams, and application teams.
  • Ensure initiatives move from design to deployment to operational maturity.
  • Oversee workstream coordination and delivery for the following initiatives:
      • IT Asset Management and CMDB maturity
      • Zero Trust architecture deployment
      • Data Security Posture Management (DSPM)
      • Privileged Access Management (PAM) expansion
      • Identity and application authentication governance
      • Secrets management lifecycle automation
      • Consumer protection security controls
      • AI security governance and defensive controls
      • Insider threat monitoring capabilities
      • Vendor risk management processes
      • Patch and vulnerability management automation
  • Ensure each initiative maintains clear deliverables, milestone tracking, measurable outcomes, and NIST alignment.
  • Execute P&T's portion of the security maturity measurement framework, which is designed and driven by GIS and aligned to NIST CSF.
  • Develop standardized scorecards measuring control maturity, implementation coverage, operational adoption, and risk reduction impact in partnership with GIS.
  • Build program dashboards that show initiative progress, maturity improvement, remediation velocity, and participation across teams.
  • Provide and support executive-level reporting enabling leadership to understand security posture and risk reduction progress.
  • Serve as central communication lead for the NIST program.
  • Develop structured communications including monthly executive briefings and quarterly maturity reports.
  • Translate technical security work into strategic insights for leadership.
  • Ensure leadership visibility into both program progress and emerging risks.
  • Lead execution across a matrixed organization without direct reporting authority.
  • Influence engineering leaders, architects, and security teams to align with NIST objectives.
  • Coordinate contributions from security engineering, identity teams, infrastructure teams, platform teams, and application development.
  • Drive accountability across distributed teams to ensure measurable outcomes.
  • Continuously assess the organization's security posture relative to NIST expectations.
  • Identify gaps between current control maturity and target maturity.
  • Coordinate remediation strategies prioritizing highest risk exposure areas.
  • Ensure remediation initiatives deliver sustainable security improvements.
  • Participate in the NIST Steering Committee alongside other senior leaders responsible for the program's strategic direction.
  • Coordinate and lead the Initiative Workstream Leads, the technical leaders responsible for execution within each domain.
  • Provide the program management layer: operational coordination of milestones and cross-team dependencies.
  • Maintain the executive reporting cadence: regular updates on maturity progress, risk posture, and initiative health.

Benefits

  • A bonus and/or long-term incentive units may be provided as part of the compensation package.
  • Full range of medical, financial, and/or other benefits.