Director Governance Risk and Compliance (RapidScale)

Raleigh, NC - 301 Hillsborough St Suite 1300

Cox Enterprises

Empower to build. The story of Cox Enterprises is one of hard work, respect for employees, entrepreneurship and making bold decisions.

Company

Cox Communications, Inc.

Job Family Group

Information Technology

Job Profile

Sr Director, Cybersecurity

Management Level

Sr Director

Flexible Work Option

Hybrid - Ability to work remotely part of the week

Travel %

No

Work Shift

Day

Compensation

Compensation includes a base salary of $171,800.00 - $286,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.

Job Description

Reporting to the AVP/CISO RapidScale, the Director, RapidScale Governance Risk and Compliance leads the Information Security Risk and Compliance programs and ensures that the organization remains compliant with all current commitments, partners with the business to identify new regulatory and customer/sales-enabling security compliance opportunities, and leads transformational efforts to implement controls, technologies, processes and policies to achieve new security compliance objectives in alignment with the Cox Communications (CCI) strategic security plan and industry standards. This role builds strong partnerships with multiple stakeholder groups, including RapidScale leadership and technology teams, CCI Security, and CEI Internal Audit and Risk Management. This role is aimed at protecting our customer relationships and simplifying the business through the effective use of security capabilities. Key success factors include the ability to partner with, influence and lead both direct and cross-functional teams throughout the organization. The leader must also successfully communicate risk and obtain buy-in on risk remediation across the RapidScale environment and with Cox Business (CB) leadership.

Responsibilities:

  • Ensure alignment to CCI cybersecurity strategy and program and CCI/CEI enterprise risk management process.
  • Create and maintain metrics for leadership to track key elements of security program using the CCI cybersecurity risk management framework and format.
  • Ensure executives and other senior leaders across RapidScale understand their role in security risk management for the enterprise and are provided visibility to these risks on a regular basis.
  • Partner closely with CCI for security awareness training; may partner in development of security awareness training specific to onboarding of acquisitions and cloud-based business.
  • Maintain suite of RapidScale policies and procedures required for security governance and compliance offerings in alignment with CEI policies and procedures.
  • Lead annual Business Impact Analysis (BIA), Privacy and Security Risk Assessment, and Regulatory Risk Assessment for RapidScale.
  • Lead ad hoc security projects and continuous improvement initiatives.
  • Participate in incident response activities including oversight of any notification requirements to ensure Legal, Security, and Public Affairs approval.
  • Oversee the compliance audit program across all RapidScale companies, including:
    • RapidScale – SOC 1, SOC 2, HITRUST, PCI, and HIPAA
    • Logicworks – SOC 1, SOC 2, HITRUST, PCI, ISO 27001, and HIPAA
    • Identify go-forward strategy for alignment.
  • Monitor progress on all remediation efforts from audits, risk assessment, or other internal/external findings.
  • First point of contact for regulatory requirements including DMCA, GDPR, and HIPAA.
  • Hire, train, motivate, guide, grow and develop direct reports and employees.
  • Educate and negotiate with business leadership and management to ensure successful development, deployment, and ROI on security solutions.
  • Travel up to 20%, as needed.

Qualifications

Minimum:

  • Bachelor’s degree in a related discipline and 10 years’ experience in a related field (i.e. risk management or security experience)
    • OR the right candidate could also have a different combination, such as a master's degree and 8 years’ experience; a Ph.D. and 5 years’ experience in a related field
    • OR 14 years’ experience in a related field
  • 5+ years’ experience in a management or leadership role
  • Strong experience developing and managing Cybersecurity Risk Management programs.
  • Experience building and developing a team of skilled GRC resources.
  • Knowledge and experience in security compliance programs and relevant security frameworks – Payment Card Industry compliance, NIST, privacy laws including CCPA, GDPR and related state and federal programs and legislation.
  • Proven experience with corporate security, compliance, and audit programs.
  • Ability to make strategic decisions, supervise complex programs, manage and educate highly skilled professionals, and manage other departments relating to security risk and control.
  • Develop a strong and productive working environment with key stakeholders and collaborate closely with other Cox entities’ security teams to implement security best practices.

Preferred:

  • Certified Information Systems Security Professional (CISSP), and/or a Certified Information Systems Manager (CISM), and/or Certified in Risk and Information Systems Controls (CRISC).

Benefits

The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.

About Us

Cox Communications is all about creating moments of real human connection; and for employees, that’s true both in the workplace and in the problems we solve for customers. From building advertising solutions to unleashing IoT technologies to creating an exceptional experience for customers in our retail locations and online, we’re creating a world that is smarter and more connected. Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page. Cox is an Equal Employment Opportunity employer – All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.

Tags: Audits CCPA CISM CISO CISSP Cloud Compliance CRISC GDPR Governance HIPAA HITRUST Incident response IoT ISO 27001 NIST Privacy Risk assessment Risk management RMF SOC SOC 1 SOC 2 Strategy

Perks/benefits: Career development Flex hours Flex vacation Health care Insurance Medical leave Parental leave Team events Wellness

Region: North America
Country: United States
