Cyber Risk and Compliance, Senior Analyst

The Cyber Risk & Compliance Sr Analyst will report to the Sr Manager, Cybersecurity. As a member of the compliance team, you will contribute to compliance and governance activities related to multiple frameworks including SOC 2, PCI-DSS and NIST 800-53. The ideal candidate brings a strong understanding of security controls, control design and operating effectiveness testing to the team to facilitate gap assessments, assist with security controls implementation activities, and contribute to enhance the overall compliance and cybersecurity program. The right candidate has a proactive mindset and exhibits accountability for projects and tasks while driving actions across multiple teams. Strong written and verbal communication abilities and exceptional interpersonal skills to promote compliance across teams to achieve results is a must to be successful in this role. The ideal candidate possesses a blend of general technology, security, and audit competencies with an emphasis on critical thinking, data analytics, and a natural desire to drive efforts to their conclusion.
Primary Responsibilities:

• Provide governance over internal assessments and external audits of compliance programs.
• Collaborate with cross-functional teams to ensure they are properly implementing and managing security controls, understand their operations, and ensure compliance with standards.
• Develop and maintain remediation plans alongside remediation owners, then track the remediation plans through completion.
• Monitor and enhance the controls needed to achieve and maintain SOC 2, PCI DSS, HIPAA, NIST 800-53, ISO 27001 or other compliance requirements. Perform controls testing for operating effectiveness.
• Manage changes to control frameworks that support our security compliance objectives.
• Maintain the tools and processes that keep our compliance monitoring going strong.
• Effectively communicate compliance project status, timelines, risk, remediation efforts to stakeholders and leadership.
• Help with the development of key reporting metrics and executive presentations to make sure there is always awareness and support of our compliance programs.

Qualifications and Experience:
Minimum

• Bachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field
• 4+ years of experience working in information security controls, information technology audit, or security risk management.
• Ability to communicate with a variety of different stakeholders, from peer team members all the way up to the executive level.
• Strong understanding and experience with information security technologies.
• Ability to adjust to multiple demands, changing priorities, and rapid change, while keeping a good attitude and multitasking effectively.

Preferred

• At least one relevant industry certification such as CISSP, CISM, CRISC, CISA.
• Subject Matter Expertise in a minimum of security frameworks such as SOC 2, PCI-DSS, HITRUST, HIPAA, ISO 27001, NIST 800-53, NIST Cybersecurity Framework.
• Understanding of security engineering principles.
• Professional services audit or consulting background a plus.
• Telecom/Cable industry experience a plus

USD 88,300.00 - 147,100.00 per year
Compensation:
Compensation includes a base salary of $88,300.00 - $147,100.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.
About Cox Communications
Cox Communications is the largest private telecom company in America, serving six million homes and businesses. That's a lot, but we also proudly serve our employees. Our benefits and our award-winning culture are just two of the things that make Cox a coveted place to work. If you're interested in bringing people closer through broadband, smart home tech and more, join Cox Communications today!
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.