Director Governance Risk and Compliance (RapidScale)
Raleigh, NC - 301 Hillsborough St Suite 1300
Full Time Executive-level / Director USD 171K - 286K
Cox Enterprises
Empower to build. The story of Cox Enterprises is one of hard work, respect for employees, entrepreneurship and making bold decisions.
Company: Cox Communications, Inc.
Job Family Group: Information Technology
Job Profile: Sr Director, Cybersecurity
Management Level: Sr Director
Flexible Work Option: Hybrid - Ability to work remotely part of the week
Travel %: No
Work Shift: Day
Compensation
Compensation includes a base salary of $171,800.00 - $286,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Job Description
Reporting to the AVP/CISO RapidScale, the Director, RapidScale Governance Risk and Compliance leads the Information Security Risk and Compliance programs and ensures that the organization remains compliant with all current commitments. The Director partners with the business to identify new regulatory and customer/sales-enabling security compliance opportunities, and leads transformational efforts to implement controls, technologies, processes and policies to achieve new security compliance objectives in alignment with the Cox Communications (CCI) strategic security plan and industry standards. This role builds strong partnerships with multiple stakeholder groups including RapidScale leadership and technology teams, CCI Security and CEI Internal Audit and Risk Management. This role is aimed at protecting our customer relationships and simplifying the business with the effective use of security capabilities. Key success factors include the ability to partner, influence and lead both direct and cross-functional teams throughout the organization. The leader must also successfully communicate risk and obtain buy-in on risk remediation across the RapidScale environment and with Cox Business (CB) leadership.
Responsibilities:
- Ensure alignment to CCI cybersecurity strategy and program and CCI/CEI enterprise risk management process.
- Create and maintain metrics for leadership to track key elements of the security program using the CCI cybersecurity risk management framework and format.
- Ensure executives and other senior leaders across RapidScale understand their role in security risk management for the enterprise and are provided visibility to these risks on a regular basis.
- Partner closely with CCI for security awareness training and, where needed, partner in development of security awareness training specific to onboarding of acquisitions and cloud-based business.
- Maintain suite of RapidScale policies and procedures required for security governance and compliance offerings in alignment with CEI policies and procedures.
- Lead annual Business Impact Analysis (BIA), Privacy and Security Risk Assessment, and Regulatory Risk Assessment for RapidScale.
- Lead ad hoc security projects and continuous improvement initiatives.
- Participate in incident response activities including oversight of any notification requirements to ensure Legal, Security, and Public Affairs approval.
- Oversee the compliance audit program across all RapidScale companies, including:
  - RapidScale – SOC 1, SOC 2, HITRUST, PCI, and HIPAA
  - Logicworks – SOC 1, SOC 2, HITRUST, PCI, ISO 27001, and HIPAA
- Identify go-forward strategy for alignment.
- Monitor progress on all remediation efforts from audits, risk assessment, or other internal/external findings.
- First point of contact for regulatory requirements including DMCA, GDPR, and HIPAA.
- Hire, train, motivate, guide, grow and develop direct reports and employees.
- Educate and negotiate with business leadership and management to ensure successful development, deployment, and ROI on security solutions.
- Travel up to 20%, as needed.
Qualifications
Minimum:
- Bachelor’s degree in a related discipline and 10 years’ experience in a related field (i.e. risk management or security experience)
- OR the right candidate could also have a different combination, such as a master's degree and 8 years’ experience; a Ph.D. and 5 years’ experience in a related field;
- OR 14 years’ experience in a related field
- 5+ years’ experience in a management or leadership role
- Strong experience developing and managing Cybersecurity Risk Management programs.
- Experience building and developing a team of skilled GRC resources.
- Knowledge and experience in security compliance programs and relevant security frameworks – Payment Card Industry compliance, NIST, privacy laws including CCPA, GDPR and related state and federal programs and legislation.
- Proven experience with corporate security, compliance, and audit programs.
- Ability to make strategic decisions, supervise complex programs, manage, and educate highly skilled professionals, and manage other departments relating to security risk and control.
- Develop a strong and productive working environment with key stakeholders and collaborate closely with other Cox entities’ security teams to implement security best practices.
Preferred:
- Certified Information Systems Security Professional (CISSP), and/or a Certified Information Systems Manager (CISM), and/or Certified in Risk and Information Systems Controls (CRISC).
Benefits
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.
About Us
Cox Communications is all about creating moments of real human connection; and for employees, that’s true both in the workplace and in the problems we solve for customers. From building advertising solutions to unleashing IoT technologies to creating an exceptional experience for customers in our retail locations and online, we’re creating a world that is smarter and more connected. Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page. Cox is an Equal Employment Opportunity employer – All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Tags: Audits CCPA CISM CISO CISSP Cloud Compliance CRISC GDPR Governance HIPAA HITRUST Incident response IoT ISO 27001 NIST Privacy Risk assessment Risk management RMF SOC SOC 1 SOC 2 Strategy
Perks/benefits: Career development Flex hours Flex vacation Health care Insurance Medical leave Parental leave Team events Wellness