Senior Director, Security Governance, Risk & Compliance (GRC) and Mergers & Acquisitions (M&A) Cybersecurity

Company

Cox Enterprises

Job Family Group

Information Technology

Job Profile

Sr Director, Cybersecurity

Management Level

Sr Director

Flexible Work Option

Hybrid - Ability to work remotely part of the week

Travel %

No

Work Shift

Day

Compensation

Compensation includes a base salary of $192,800.00 - $321,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.

Job Description

The Senior Director of Security Governance, Risk & Compliance (GRC) and Mergers & Acquisitions (M&A) Cybersecurity will oversee a multi-functional organization responsible for information risk and compliance programs, securing new strategic investments, and ensuring exemplary data protection across the enterprise.

As the leader of Security Governance Risk and Compliance (GRC), this individual will strategically direct Cox Enterprises' (CEI) information security risk and compliance programs, ensuring that the organization remains compliant with all current requirements. They will collaborate with emerging business entities to manage regulatory and security compliance needs and lead transformative efforts to implement controls, technologies, processes, and policies to meet new security compliance objectives.

In their capacity as the leader of M&A Cybersecurity, this role will strategically guide the establishment of effective cybersecurity programs and capabilities at CEI growth companies to ensure adequate protections for these investments. The leader will oversee risk management, governance, strategic roadmaps, and security capability deployments where appropriate. Additionally, they will participate in cybersecurity due diligence and post-acquisition processes for new investments. This role involves maintaining key relationships at all levels within the scope of these companies.

Key success factors include the ability to partner with, influence, and lead both directly and cross-functionally across the organization. The leader must also effectively communicate risk and secure buy-in on risk remediation efforts across CEI and associated growth companies.

This position reports directly to the Chief Information Security Officer of Cox Enterprises.

Primary Responsibilities:

• Oversee the entirety of the cybersecurity risk, governance, and compliance programs across Cox Enterprises and majority owned growth companies.
• Responsible for the critical cyber controls program including technical support of the monitoring capabilities and driving continuous improvement with control owners.
• Direct the Third-Party Risk Management and Human Risk Management (awareness, testing, training) programs for CEI and in scope growth companies.
• Oversee cyber due diligence and post-acquisition process for new acquisitions.
• Develop and execute cybersecurity roadmaps for new growth companies.
• Enable new growth companies with cyber capabilities, services, and solutions deployments.  
• Develop and maintain executive level and working level relationships at each majority owned new growth company for the purposes of security program development, security risk and governance, and aligning support for security objectives.
• Ensure executives and other senior leaders across CEI and growth companies understand their role in security risk management for the enterprise and are provided visibility to these risks on a regular basis.
• Direct the information risk management program development and ongoing management to support mitigation of key business risks.
• Ensure that fellow security teams are developing, implementing, and refining key cybersecurity and compliance metrics that allow the business and senior leaders to understand the state of current security risks.
• Hire, train, motivate, guide, grow and develop direct reports and employees. Ensure a participative/engaged work environment that will attract and maintain a workforce of talented and satisfied employees.
• Educate and negotiate with business leadership and management and to ensure successful development, deployment, and ROI on security solutions.
• Develop strong and productive working environment with key stakeholders and collaborate closely with other Cox entities’ security teams to implement security best practices. 
• Represent the business in key industry groups.
• Performs other related duties as assigned.

Minimum Qualifications:

• Bachelor’s degree in a related discipline and 14 years’ experience in a related field. The right candidate could also have a different combination, such as a master’s degree and 12 years’ experience; a Ph.D. and 9 years’ experience in a related field; or 18 years’ experience in a related field12+ years of experience required in the field of information security with a demonstrated path of increasing scope and management responsibilities.
• 5+ years managing or leading an Information Security Risk Management function.
• Knowledge and experience in security compliance programs and relevant security frameworks – Payment Card Industry compliance, ISO 27001/2, NIST, privacy laws including CCPA, GDPR and related state and federal programs and legislation.
• Proven experience with corporate security, compliance, and audit programs.
• Ability to make strategic decisions, supervise complex programs, manage, and educate highly skilled professionals, and manage other departments relating to security risk and control. 
• Solid, pragmatic business acumen, proven record of creatively solving problems, and offering solutions.
• Consultative nature to work through controversial or complex topics to employees, leaders, and/or top management.
• Ability to manage multiple complex projects while meeting all deadlines and manage leaders of teams to achieve optimal results.
• Excellent customer service skills, writing and executive presentation skills.
• Relevant industry certification: CISSP, CISM, CISA, etc.

Preferred:

• Advanced degree (MBA / MS).
• 5+ years of experience in a senior management role.
• Experience in national critical infrastructure industries (telecommunications, financial services, defense, government, etc.).  

Benefits

The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.

About Us

As our primary divisions Cox Automotive and Cox Communications drive new waves of innovation, Cox Enterprises is entering spaces like cleantech, healthcare, esports and more. We're a family business guided by a legacy of bold innovation that’s driven by those who want to make their mark. Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page. Cox is an Equal Employment Opportunity employer – All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.

Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.