Principal Compliance Analyst
The Walt Disney Company (France), Bristol, CT, United States
Role Summary
P&T is supporting a multi‑year GIS initiative aligned to the NIST Cybersecurity Framework (CSF) to strengthen operational resilience, reduce enterprise risk, and demonstrate measurable security maturity to shareholders, regulators, and external customers.
Achieving meaningful improvement across NIST domains requires coordinated execution across numerous security programs, engineering teams, and operational functions. To ensure success, we are establishing a dedicated NIST Security Program Lead responsible for governing and orchestrating the delivery of all NIST‑aligned initiatives across the enterprise security roadmap.
This role must be filled as a project hire (employee) rather than a contractor due to the sensitivity of the work. The position will have visibility into confidential security architecture, control weaknesses, internal audit findings, risk assessments, and remediation strategies that directly impact the organization’s security posture. The NIST Principal Compliance Analyst operates as the central execution authority for the NIST program, ensuring that all framework‑aligned initiatives progress with clear governance, measurable outcomes, and transparent reporting to senior leadership.
Program Philosophy and Operating Model
The NIST program will be executed using a framework‑driven operational model focused on measurable security maturity and transparent governance.
Framework Alignment – All initiatives must map clearly to NIST CSF domains: Identify, Protect, Detect, Respond, and Recover.
Measurable Progress – Security improvements must be quantifiable through defined maturity targets and scorecards.
Transparent Governance – Program progress must be visible to engineering teams, program leaders, and executive stakeholders.
Cross‑Enterprise Collaboration – The program coordinates across security engineering, infrastructure, application development, and operations teams.
Key Responsibilities – NIST Program Leadership & Governance
Serve as enterprise program leader responsible for execution of the NIST CSF roadmap.
Establish the governance model for NIST initiatives including initiative ownership, accountability, and reporting cadence.
Coordinate program execution across security engineering, infrastructure teams, and application teams.
Ensure initiatives move from design to deployment to operational maturity.
Workstream Coordination & Delivery Oversight
IT Asset Management and CMDB maturity
Zero Trust architecture deployment
Data Security Posture Management (DSPM)
Privileged Access Management (PAM) expansion
Identity and application authentication governance
Secrets management lifecycle automation
Consumer protection security controls
AI security governance and defensive controls
Insider threat monitoring capabilities
Vendor risk management processes
Patch and vulnerability management automation
Ensure each initiative maintains clear deliverables, milestone tracking, measurable outcomes, and NIST alignment.
Program Scorecards & Security Maturity Measurement
Execute the P&T work of a GIS driven and designed security maturity measurement framework aligned to NIST CSF.
Develop standardized scorecards measuring control maturity, implementation coverage, operational adoption, and risk reduction impact in partnership with GIS.
Build program dashboards that show initiative progress, maturity improvement, remediation velocity, and participation across teams.
Provide and support executive‑level reporting enabling leadership to understand security posture and risk reduction progress.
Executive Stakeholder Communication
Serve as central communication lead for the NIST program.
Develop structured communications including monthly executive briefings and quarterly maturity reports.
Translate technical security work into strategic insights for leadership.
Ensure leadership visibility into both program progress and emerging risks.
Matrix Leadership & Cross‑Functional Execution
Lead execution across a matrixed organization without direct reporting authority.
Influence engineering leaders, architects, and security teams to align with NIST objectives.
Coordinate contributions from security engineering, identity teams, infrastructure teams, platform teams, and application development.
Drive accountability across distributed teams to ensure measurable outcomes.
Risk Identification and Remediation Strategy
Continuously assess the organization’s security posture relative to NIST expectations.
Identify gaps between current control maturity and target maturity.
Coordinate remediation strategies prioritizing highest risk exposure areas.
Ensure remediation initiatives deliver sustainable security improvements.
Governance Structure
NIST Steering Committee – Participate with other senior leadership oversight responsible for strategic direction.
Initiative Workstream Leads – Coordinate / Lead technical leaders responsible for execution within each domain.
Program Management Layer – Operational coordination ensuring milestones and dependencies remain aligned.
Executive Reporting Cadence – Regular updates on maturity progress, risk posture, and initiative health.
Qualifications – Experience
10+ years in enterprise security, security architecture, risk management, or security program leadership or equivalent program leading experience.
Experience leading large‑scale security or related transformation programs.
Familiarity with operating security programs aligned to NIST, ISO 27001, PCI DSS, or SOX.
Experience coordinating cross‑functional engineering, technical, data and/or security initiatives within complex enterprise / technical / service environments.
Bachelor’s degree required.
Core Competencies
Enterprise program leadership
Matrix leadership across engineering teams
Strategic planning and operational execution
Security framework interpretation and implementation
Executive communication and influence
Data‑driven program reporting
Impact of This Role
Improves measurable maturity against the NIST Cybersecurity Framework.
Strengthens enterprise security posture across identity, asset visibility, privileged access, and data protection.
Provides leadership clear insight into security maturity and risk exposure.
Aligns engineering teams with operational security improvements while maintaining delivery velocity.
Demonstrates to customers, partners, regulators, and shareholders a structured and continuously improving security posture.
The hiring range for this position in Connecticut is $155,700.00 to $208,700.00 per year and in New York is $163,100.00 to $218,700.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job‑related knowledge, skills, and experience among other factors. A bonus and/or long‑term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
#J-18808-Ljbffr
P&T is supporting a multi‑year GIS initiative aligned to the NIST Cybersecurity Framework (CSF) to strengthen operational resilience, reduce enterprise risk, and demonstrate measurable security maturity to shareholders, regulators, and external customers.
Achieving meaningful improvement across NIST domains requires coordinated execution across numerous security programs, engineering teams, and operational functions. To ensure success, we are establishing a dedicated NIST Security Program Lead responsible for governing and orchestrating the delivery of all NIST‑aligned initiatives across the enterprise security roadmap.
This role must be filled as a project hire (employee) rather than a contractor due to the sensitivity of the work. The position will have visibility into confidential security architecture, control weaknesses, internal audit findings, risk assessments, and remediation strategies that directly impact the organization’s security posture. The NIST Principal Compliance Analyst operates as the central execution authority for the NIST program, ensuring that all framework‑aligned initiatives progress with clear governance, measurable outcomes, and transparent reporting to senior leadership.
Program Philosophy and Operating Model
The NIST program will be executed using a framework‑driven operational model focused on measurable security maturity and transparent governance.
Framework Alignment – All initiatives must map clearly to NIST CSF domains: Identify, Protect, Detect, Respond, and Recover.
Measurable Progress – Security improvements must be quantifiable through defined maturity targets and scorecards.
Transparent Governance – Program progress must be visible to engineering teams, program leaders, and executive stakeholders.
Cross‑Enterprise Collaboration – The program coordinates across security engineering, infrastructure, application development, and operations teams.
Key Responsibilities – NIST Program Leadership & Governance
Serve as enterprise program leader responsible for execution of the NIST CSF roadmap.
Establish the governance model for NIST initiatives including initiative ownership, accountability, and reporting cadence.
Coordinate program execution across security engineering, infrastructure teams, and application teams.
Ensure initiatives move from design to deployment to operational maturity.
Workstream Coordination & Delivery Oversight
IT Asset Management and CMDB maturity
Zero Trust architecture deployment
Data Security Posture Management (DSPM)
Privileged Access Management (PAM) expansion
Identity and application authentication governance
Secrets management lifecycle automation
Consumer protection security controls
AI security governance and defensive controls
Insider threat monitoring capabilities
Vendor risk management processes
Patch and vulnerability management automation
Ensure each initiative maintains clear deliverables, milestone tracking, measurable outcomes, and NIST alignment.
Program Scorecards & Security Maturity Measurement
Execute the P&T work of a GIS driven and designed security maturity measurement framework aligned to NIST CSF.
Develop standardized scorecards measuring control maturity, implementation coverage, operational adoption, and risk reduction impact in partnership with GIS.
Build program dashboards that show initiative progress, maturity improvement, remediation velocity, and participation across teams.
Provide and support executive‑level reporting enabling leadership to understand security posture and risk reduction progress.
Executive Stakeholder Communication
Serve as central communication lead for the NIST program.
Develop structured communications including monthly executive briefings and quarterly maturity reports.
Translate technical security work into strategic insights for leadership.
Ensure leadership visibility into both program progress and emerging risks.
Matrix Leadership & Cross‑Functional Execution
Lead execution across a matrixed organization without direct reporting authority.
Influence engineering leaders, architects, and security teams to align with NIST objectives.
Coordinate contributions from security engineering, identity teams, infrastructure teams, platform teams, and application development.
Drive accountability across distributed teams to ensure measurable outcomes.
Risk Identification and Remediation Strategy
Continuously assess the organization’s security posture relative to NIST expectations.
Identify gaps between current control maturity and target maturity.
Coordinate remediation strategies prioritizing highest risk exposure areas.
Ensure remediation initiatives deliver sustainable security improvements.
Governance Structure
NIST Steering Committee – Participate with other senior leadership oversight responsible for strategic direction.
Initiative Workstream Leads – Coordinate / Lead technical leaders responsible for execution within each domain.
Program Management Layer – Operational coordination ensuring milestones and dependencies remain aligned.
Executive Reporting Cadence – Regular updates on maturity progress, risk posture, and initiative health.
Qualifications – Experience
10+ years in enterprise security, security architecture, risk management, or security program leadership or equivalent program leading experience.
Experience leading large‑scale security or related transformation programs.
Familiarity with operating security programs aligned to NIST, ISO 27001, PCI DSS, or SOX.
Experience coordinating cross‑functional engineering, technical, data and/or security initiatives within complex enterprise / technical / service environments.
Bachelor’s degree required.
Core Competencies
Enterprise program leadership
Matrix leadership across engineering teams
Strategic planning and operational execution
Security framework interpretation and implementation
Executive communication and influence
Data‑driven program reporting
Impact of This Role
Improves measurable maturity against the NIST Cybersecurity Framework.
Strengthens enterprise security posture across identity, asset visibility, privileged access, and data protection.
Provides leadership clear insight into security maturity and risk exposure.
Aligns engineering teams with operational security improvements while maintaining delivery velocity.
Demonstrates to customers, partners, regulators, and shareholders a structured and continuously improving security posture.
The hiring range for this position in Connecticut is $155,700.00 to $208,700.00 per year and in New York is $163,100.00 to $218,700.00 per year. The base pay actually offered will take into account internal equity and also may vary depending on the candidate’s geographic region, job‑related knowledge, skills, and experience among other factors. A bonus and/or long‑term incentive units may be provided as part of the compensation package, in addition to the full range of medical, financial, and/or other benefits, dependent on the level and position offered.
#J-18808-Ljbffr