The Cyber Risk & Compliance Sr Analyst will report to the Sr Manager, Cybersecurity. As a member of the compliance team, you will contribute to compliance and governance activities related to multiple frameworks including SOC 2, PCI-DSS and NIST 800-53. The ideal candidate brings a strong understanding of security controls, control design and operating effectiveness testing to the team to facilitate gap assessments, assist with security controls implementation activities, and contribute to enhance the overall compliance and cybersecurity program. The right candidate has a proactive mindset and exhibits accountability for projects and tasks while driving actions across multiple teams. Strong written and verbal communication abilities and exceptional interpersonal skills to promote compliance across teams to achieve results is a must to be successful in this role. The ideal candidate possesses a blend of general technology, security, and audit competencies with an emphasis on critical thinking, data analytics, and a natural desire to drive efforts to their conclusion.
Primary Responsibilities:
-
Provide governance over internal assessments and external audits of compliance programs.
-
Collaborate with cross-functional teams to ensure they are properly implementing and managing security controls, understand their operations, and ensure compliance with standards.
-
Develop and maintain remediation plans alongside remediation owners, then track the remediation plans through completion.
-
Monitor and enhance the controls needed to achieve and maintain SOC 2, PCI DSS, HIPAA, NIST 800-53, ISO 27001 or other compliance requirements. Perform controls testing for operating effectiveness.
-
Manage changes to control frameworks that support our security compliance objectives.
-
Maintain the tools and processes that keep our compliance monitoring going strong.
-
Effectively communicate compliance project status, timelines, risk, remediation efforts to stakeholders and leadership.
-
Help with the development of key reporting metrics and executive presentations to make sure there is always awareness and support of our compliance programs.
Qualifications and Experience:
Minimum
-
Bachelor’s degree in a related discipline and 6 years’ experience in a related field. The right candidate could also have a different combination, such as a master’s degree and 4 years’ experience; a Ph.D. and 1 year of experience; or 18 years’ experience in a related field
-
4+ years of experience working in information security controls, information technology audit, or security risk management.
-
Ability to communicate with a variety of different stakeholders, from peer team members all the way up to the executive level.
-
Strong understanding and experience with information security technologies.
-
Ability to adjust to multiple demands, changing priorities, and rapid change, while keeping a good attitude and multitasking effectively.
Preferred
-
At least one relevant industry certification such as CISSP, CISM, CRISC, CISA.
-
Subject Matter Expertise in a minimum of security frameworks such as SOC 2, PCI-DSS, HITRUST, HIPAA, ISO 27001, NIST 800-53, NIST Cybersecurity Framework.
-
Understanding of security engineering principles.
-
Professional services audit or consulting background a plus.
-
Telecom/Cable industry experience a plus
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses – which includes Cox Automotive and Cox Communications – is forging a better future for us all. Ready to make your mark? Join us today!
------------
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page.
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.