Basically you need a secure channel and/or file encryption. You may optionally want time-based or count-based access control but IMO that’s less important because, ultimately, once the secrets are divulged, it’s open season on your target, who has them in whatever (probably insecure) form is most convenient to them. Just get them to confirm they have the goods and then you can delete the file / shut off the server / etc.
“Security” is subjective. Some people think iMessage is secure because Apple says so, others won’t. And the harder stuff, which is more concretely secure, is only really accessible to techies and other social inadequates. And of the forms that are more generally available, portability is much harder.
If I were aiming high, at a reasonably non-techie audience, I’d suggest Bitwarden Send (part of the BitWarden password manager), which allows you to store encrypted files that are decrypted in the browser of the recipient using a password and enforce some controls on access. This is enough for confidential documents. For much larger files, services like sendfiles.dev allow you to peer-to-peer send files from browser to browser with the recipient’s browser decrypting the file received, again using the password set by the sender. These both impose essentially no burden on your recipient: tell them to go to a web page and enter a password. The channel is secure, and so the file data. The key is the use of WebCrypto, which makes the browser do the cryptography.
Of course you can aim somewhat lower, too. The humble encrypted zip is all very well and good, but beware the legacy zip 2.0 encryption algorithm which is trivially broken using a known-plaintext attack: use AES-128 or better, supported by WinZip (Mac and Windows), or command-line implementations. Other archivers, like rar and 7zip, have good encryption too (Windows native, command-line on *NIX). There is the disk image, but really, it’s a Mac-to-Mac solution; these files aren’t intended to be portable. The Windows internal zip support doesn’t support encryption with AES, so you’ll have to get your recipient to install the corresponding archiver. Alternatively, there is the option of “self-extracting” archives: the archive also includes the code to decompress it on the target platform, but can also be extracted with an installed archiver. This has a risk, which is that with no realistic way for the recipient to verify that the archive hasn’t been tampered with, it is possible that it could compromise your data when the archive is run, so if it’s important to you to eliminate this risk, you’ll need a secure channel for communicating the file.
And of course, if you trust the big boys, there’s always the various end-to-end messengers WhatsApp, iMessage, Signal, Threema. Take your pick. If you trust them to be good about security, it’s probably OK to trust them with a temporary transfer of your file.
The one you need to be super careful about is email. In general, unless you know that the sender and recipient use services that strictly enforce a secure channel between themselves, with or without prior arrangement (the latter, for instance, can be done using DANE and DNSSEC) then you can’t rely on email to be secure. So, that potential consideration aside, just assume email is insecure, and only use it for the transfer of already-encrypted data (in an archive, with S/MIME/OpenPGP, etc).