Comcast Sr. Director, Governance, Risk, and Compliance in Englewood, Colorado
Responsible for managing and overseeing the Information Security department policies, standards, and practices implemented across the Company. Develops initiatives, security strategies, key goals, and activities integrating policies and guidelines. Defines Information Security risk management methodologies and processes. Collaborates extensively with Information Technology leaders and other related functions to ensure implementation of standards for appropriate security checkpoints and encryption methods. Provides leadership and direction for diverse and complex functions. Contributes to the development of the organization’s business strategy. Interprets business strategy and develops organizational objectives to align with this strategy. Typically manages multiple teams of professionals. Aggregates the functions of standards development, operations implementation guidelines, governance framework and enforcement, technical change management, and data repository, as well as audit support and compliance.
Employees at all levels are expected to:
Understand our Operating Principles; make them the guidelines for how you do your job
Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services
Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences
Win as a team - make big things happen by working together and being open to new ideas
Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers
Drive results and growth
Respect and promote inclusion and diversity
Do what's right for each other, our customers, investors and our communities
Develops comprehensive project plans and participates in critical Information Technology planning initiatives to ensure adequate security protection measures are incorporated into IT strategic plans.
Develops tactical and strategic plans to deliver to the Information Systems team. Implements policies and procedures related to data security.
Assumes project management responsibilities (e.g. risk assessments and remediation activities, awareness and training program rollouts) as needed, to implement initiatives.
Receives input from various divisions regarding Information Security policies, guidelines, strategic goals, risks, and risk tolerance thresholds and communicates information to Information Security team.
Provides oversight to the Compliance team in all audit or compliance initiatives or discussions with, but not limited to, Comcast Global Audit (CGA), Comcast’s External Audit team, and Comcast’s Payment Card Industry (PCI) assessment team.
Provides oversight to the cable video network technical data (zip-zone mapping) and subscriber count collection group for Effectv’s business.
Selects, develops, and evaluates personnel to ensure efficient operations within department.
Manages and supervises third parties (contractors, consultants, etc.) and performs various tasks for Company-hosted and web-enabled solutions.
Assists in the preparation of budgets and forecasts.
Consistent exercise of independent judgment and discretion in matters of significance.
Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
Other duties and responsibilities as assigned.
Requires BA/BS with 10 years of experience, including at least 4 years of management-level responsibility and 5 years of experience managing security compliance projects. Knowledge of NIST cybersecurity documentation.
Experience with the following regulatory and control frameworks: ISO 20000 and ISO 27001, SOX, PCI, SSAE 16, SOC 2, HIPAA, etc.
Experience with performing compliance and risk assessment audits.
10+ years’ experience in information technology; 5+ years in security governance, risk, and compliance management
5+ years of progressive information security work experience
Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.)
Prior experience with security policy, standards, and controls definition
Strong knowledge of current and emerging cyber security risks, and innovative risk management methods and solutions
Experience with risk assessments against regulatory or attestation requirements such as PCI or SOC 2
Experience with GDPR regulatory compliance
Ability to collaboratively develop a risk strategy in conjunction with stakeholders
Strong analytical thinking, written, and oral communication and presentation skills
Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC 2, GDPR, MRC, CCPA, and ISO standards.
Must have the ability to influence others and work at all management levels across the organizational structure
Broad understanding of security and privacy concepts
Experience working in an international/global organization
Experience with GRC software preferred.
In-depth understanding and working knowledge of information security data and processes.
CISA: Certified Information Systems Auditor
CRISC: Certified in Risk and Information Systems Control
CISSP: Certified Information Systems Security Professional
CISM: Certified Information Security Manager
GSLC: GIAC Security Leadership Certification
CSX Certificate, CSX Practitioner, or CSX Specialist
Other applicable IT, Information Security and Compliance related certifications
Comcast is an EEO/AA/Drug Free Workplace.