Director, Cyber Risk Management
The Director, Cyber Risk Management will report to the Associate Vice President, Cybersecurity. This individual will be responsible for leading a team of professionals in tracking and reporting cybersecurity risks across the company. Responsibilities include governance of cybersecurity standards, continuous control compliance monitoring, identification and evaluation of cybersecurity risk, and reporting of cybersecurity risks and initiatives to executive leadership.
This individual will lead a team of three resources that will perform day to day risk tracking and reporting in coordination with technology and process owners. This individual will be responsible for understanding the cybersecurity strategy and objectives and engaging various teams across the organization to drive action to meet those objectives.
Successful candidates will demonstrate strong written and verbal communication skills, adjusting the level of detail and summarization as appropriate for the audience. Successful candidates will also possess a blend of general technology, security, and audit competencies with an emphasis on critical thinking, data analytics, and a desire to drive efforts to their conclusion as needed.
Primary Responsibilities and Essential Functions
- Enhances, maintains, and champions engagement with the business and the Technology organization to monitor and manage visibility to key security risks and status of remediation.
- Manages alignment with the strategic security plan to ensure that activities contribute to advancing the reduction of security risk across the organization.
- Directs routine, ongoing processes to formalize, track, and report security risks across varying levels of stakeholders, including risk owners and executive leadership.
- Establishes and executes strategy for formalization and routine governance of security standards, which includes coverage across key technologies and process, routine maintenance, and accessibility across the organization.
- Establishes and directs governance of key security controls that align with strategic security plan.
- Collaborates with other leaders to establish success criteria and metrics for reporting compliance with key security controls.
- Directs the development, enhancement, and execution of continuous monitoring of key security controls across the technology environment.
- Creates routine and ad hoc presentations for executive leadership to ensure awareness and alignment on security risks and initiatives and support key security decisions.
- Contributes to the development and advancement of the strategic security plan.
- Performs project management and change management duties, as assigned.
- Performs other duties and responsibilities, as assigned.
- Bachelor’s degree in a related discipline and 10 years’ experience in a related field. The right candidate could also have a different combination, such as a master's degree and 8 years’ experience; a Ph.D. and 5 years’ experience in a related field; or 14 years’ experience in a related field
- 5+ years’ experience in a management or leadership role
- 10+ years of experience working in information security controls, information technology audit, or security risk management.
- At least 5 years of leadership experience, including coaching, consensus building, and ability to effectively manage resources to address competing priorities.
- Experience creating executive level presentations.
- Experience in creating business cases to obtain funding and resource approval.
- Experience escalating risk issues to senior technology or company leadership.
- Ability to manage across functional teams to achieve desired business results.
- Ability to translate a business agenda into technology terms and vice versa.
- Excellent interpersonal, written, and verbal communications skills.
- Ability to summarize and communicate technical concepts to non-technical audiences.
- Strong understanding and experience with information security technologies.
- Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively.
- BA/BS in a related discipline required (i.e., Computer Science, Management Information Systems, Computer Engineering, etc.)
- Degree in related discipline strongly preferred.
- Professional services/Big Four consulting background.
- Fortune 500 company experience.
- Telecom/Cable industry experience.
- At least one relevant industry certification – CISSP, CISM, CRISC, CISA.
Cox Communications is the largest private telecom company in America, serving six million homes and businesses. That’s a lot, but we also proudly serve our employees. Our benefits and our award-winning culture are just two of the things that make Cox a coveted place to work. If you’re interested in bringing people closer through broadband, smart home tech and more, join Cox Communications today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO).
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.