Comcast Sr. Director, Governance, Risk, and Compliance in Englewood, Colorado

Business Unit:

Summary:

Responsible for managing and overseeing the Information Security department policies, standards, and practices implemented across the Company. Develops initiatives, security strategies, key goals, and activities integrating policies and guidelines. Defines Information Security risk management methodologies and processes. Collaborates extensively with the Information Technology leaders and other related functions to ensure implementation of standards for appropriate security checkpoints and encryption methods. Provides leadership and direction for diverse and complex functions. Contributes to the development of the organization’s business strategy. Interprets business strategy and develops organizational objectives to align with this strategy. Typically manages multiple teams of professionals. Aggregates the functions of standards development, operations implementation guidelines, governance framework and enforcement, technical change management, and data repository, as well as Audit support and Compliance.

Employees at all levels are expected to:

  • Understand our Operating Principles; make them the guidelines for how you do your job

  • Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services

  • Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences

  • Win as a team - make big things happen by working together and being open to new ideas

  • Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers

  • Drive results and growth

  • Respect and promote inclusion and diversity

  • Do what's right for each other, our customers, investors and our communities

Core Responsibilities:

  • Develops comprehensive project plans and participates in critical Information Technology planning initiatives to ensure adequate security protection measures are incorporated into IT strategic plans.

  • Develops tactical and strategic plans to deliver to the Information Systems team. Implements policies and procedures related to data security.

  • Assumes project management responsibilities (e.g. risk assessments and remediation activities, awareness and training program rollouts) as needed, to implement initiatives.

  • Receives input from various divisions regarding Information Security policies, guidelines, strategic goals, risks, and risk tolerance thresholds and communicates information to Information Security team.

  • Provides oversight to the Compliance team in all audit or compliance initiatives or discussions with, but not limited to, Comcast Global Audit (CGA), Comcast’s External Audit team and Comcast’s Payment Card Industry (PCI) assessment team.

  • Provides oversight to the cable video network technical data (zip-zone mapping) and subscriber count collection group for Effectv’s business.

  • Selects, develops, and evaluates personnel to ensure efficient operations within department.

  • Manages and supervises third parties (contractors, consultants, etc.) and performs various tasks for Company hosted and web-enabled solutions.

  • Assists in the preparation of budgets and forecasts.

  • Consistent exercise of independent judgment and discretion in matters of significance.

  • Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.

  • Other duties and responsibilities as assigned.

  • Requires BA/BS with 10 years of experience with at least 4 years of management level responsibility. 5 years of experience in managing compliance security projects. Knowledge of NIST Cybersecurity documentation.

  • Experience with the following regulatory controls: ISO 20000 and 27001, SOX, PCI, SSAE16, SOC2, and HIPAA etc.

  • Experience with performing compliance and risk assessment audits.

  • 10+ years’ experience in information technology; 5+ years of security governance, risk, and compliance management experience

  • 5+ years of progressive information security work experience

  • Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.)

  • Prior experience with security policy, standards, and controls definition

  • Strong knowledge of current and emerging cyber security risks, and innovative risk management methods and solutions

  • Experience with risk assessments; the regulatory requirement can be PCI or SOC 2

  • Experience with GDPR regulatory compliance

  • Ability to collaboratively develop a risk strategy in conjunction with stakeholders

  • Strong analytical thinking, written, and oral communication and presentation skills

  • Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC2, GDPR, MRC, CCPA and ISO standards.

  • Must have the ability to influence others and work at all management levels across the organizational structure

  • Broad understanding of security and privacy concepts

  • Experience working in an international/global organization

  • Experience with GRC software preferred.

  • In-depth understanding and working knowledge of information security data and processes.

Certifications:

  • CISA: Certified Information Security Auditor

  • CRISC: Certified in Risk and Information Systems Control

  • CISSP: Certified Information Systems Security Professional

  • CISM: Certified Information Systems Manager

  • GSLC: GIAC Security Leadership

  • CSX Certificate, CSX Practitioner, or CSX Specialist

  • Other applicable IT, Information Security and Compliance related certifications

Comcast is an EEO/AA/Drug Free Workplace.
