La Description
The Cyber Risk & Compliance Sr Analyst will report to the Sr Manager, Cybersecurity. As a member of the compliance team, you will contribute to compliance and governance activities related to multiple frameworks including SOC 2, PCI-DSS and NIST 800-53. The ideal candidate brings a strong understanding of security controls, control design and operating effectiveness testing to the team to facilitate gap assessments, assist with security controls implementation activities, and contribute to enhance the overall compliance and cybersecurity program. The right candidate has a proactive mindset and exhibits accountability for projects and tasks while driving actions across multiple teams. Strong written and verbal communication abilities and exceptional interpersonal skills to promote compliance across teams to achieve results is a must to be successful in this role. The ideal candidate possesses a blend of general technology, security, and audit competencies with an emphasis on critical thinking, data analytics, and a natural desire to drive efforts to their conclusion.
Primary Responsibilities:
-
Provide governance over internal assessments and external audits of compliance programs.
-
Collaborate with cross-functional teams to ensure they are properly implementing and managing security controls, understand their operations, and ensure compliance with standards.
-
Develop and maintain remediation plans alongside remediation owners, then track the remediation plans through completion.
-
Monitor and enhance the controls needed to achieve and maintain SOC 2, PCI DSS, HIPAA, NIST 800-53, ISO 27001 or other compliance requirements. Perform controls testing for operating effectiveness.
-
Manage changes to control frameworks that support our security compliance objectives.
-
Maintain the tools and processes that keep our compliance monitoring going strong.
-
Effectively communicate compliance project status, timelines, risk, remediation efforts to stakeholders and leadership.
-
Help with the development of key reporting metrics and executive presentations to make sure there is always awareness and support of our compliance programs.
Qualifications and Experience:
Minimum
-
Bachelor’s degree in a related discipline and 6 years’ experience in a related field. The right candidate could also have a different combination, such as a master’s degree and 4 years’ experience; a Ph.D. and 1 year of experience; or 18 years’ experience in a related field
-
4+ years of experience working in information security controls, information technology audit, or security risk management.
-
Ability to communicate with a variety of different stakeholders, from peer team members all the way up to the executive level.
-
Strong understanding and experience with information security technologies.
-
Ability to adjust to multiple demands, changing priorities, and rapid change, while keeping a good attitude and multitasking effectively.
Preferred
-
At least one relevant industry certification such as CISSP, CISM, CRISC, CISA.
-
Subject Matter Expertise in a minimum of security frameworks such as SOC 2, PCI-DSS, HITRUST, HIPAA, ISO 27001, NIST 800-53, NIST Cybersecurity Framework.
-
Understanding of security engineering principles.
-
Professional services audit or consulting background a plus.
-
Telecom/Cable industry experience a plus
Compensation:
Compensation includes a base salary of $90,100.00 - $150,100.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.
About Cox Communications
Cox Communications is committed to creating meaningful moments of human connection through broadband applications and services. The largest private telecom company in America, we proudly serve six million homes and businesses across 18 states. We're dedicated to empowering others to build a better future and celebrate diverse products, people, suppliers, communities and the characteristics that makes each one unique.
About Cox
We are the Cox family of businesses. We’ve been making our mark since 1898 by building and evolving world-class businesses, staying true to our values, and encouraging top talent to always look for growth and impact while building a career with us. Our primary divisions – Cox Communications and Cox Automotive – are driving a new wave of innovation, powering smart cities with powerhouse broadband communications and pioneering greener, more progressive transportation alternatives for individuals and fleet operators. We’re also expanding into new spaces like cleantech and healthcare to rev up our momentum toward building a better future for the next generation. We’re looking for the talent today who will be our leaders tomorrow. Sound intriguing? Learn more about where we are today, where we hope you’ll be going with us, and the common purpose that unites us at coxenterprises.com.
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page.
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.