Cox Enterprises
Cyber Risk and Compliance, Senior Analyst
Cox Enterprises, Atlanta, Georgia, United States, 30383
The
Cyber Risk & Compliance Sr Analyst
will report to the Sr Manager, Cybersecurity. As a member of the compliance team, you will contribute to compliance and governance activities related to multiple frameworks including SOC 2, PCI-DSS and NIST 800-53. The ideal candidate brings a strong understanding of security controls, control design and operating effectiveness testing to the team to facilitate gap assessments, assist with security controls implementation activities, and contribute to enhance the overall compliance and cybersecurity program. The right candidate has a proactive mindset and exhibits accountability for projects and tasks while driving actions across multiple teams. Strong written and verbal communication abilities and exceptional interpersonal skills to promote compliance across teams to achieve results is a must to be successful in this role. The ideal candidate possesses a blend of general technology, security, and audit competencies with an emphasis on critical thinking, data analytics, and a natural desire to drive efforts to their conclusion.Primary Responsibilities:Provide governance over internal assessments and external audits of compliance programs.
Collaborate with cross-functional teams to ensure they are properly implementing and managing security controls, understand their operations, and ensure compliance with standards.
Develop and maintain remediation plans alongside remediation owners, then track the remediation plans through completion.
Monitor and enhance the controls needed to achieve and maintain SOC 2, PCI DSS, HIPAA, NIST 800-53, ISO 27001 or other compliance requirements. Perform controls testing for operating effectiveness.
Manage changes to control frameworks that support our security compliance objectives.
Maintain the tools and processes that keep our compliance monitoring going strong.
Effectively communicate compliance project status, timelines, risk, remediation efforts to stakeholders and leadership.
Help with the development of key reporting metrics and executive presentations to make sure there is always awareness and support of our compliance programs.
Qualifications and Experience:MinimumBachelor’s degree in a related discipline and 6 years’ experience in a related field. The rightcandidate could also have a different combination, such as a master’s degree and 4 years’experience; a Ph.D. and 1 year of experience; or 18 years’ experience in a related field
4+ years of experience working in information security controls, information technology audit, or security risk management.
Ability to communicate with a variety of different stakeholders, from peer team members all the way up to the executive level.
Strong understanding and experience with information security technologies.
Ability to adjust to multiple demands, changing priorities, and rapid change, while keeping a good attitude and multitasking effectively.
PreferredAt least one relevant industry certification such as CISSP, CISM, CRISC, CISA.
Subject Matter Expertise in a minimum of security frameworks such as SOC 2, PCI-DSS, HITRUST, HIPAA, ISO 27001, NIST 800-53, NIST Cybersecurity Framework.
Understanding of security engineering principles.
Professional services audit or consulting background a plus.
Telecom/Cable industry experience a plus
#J-18808-Ljbffr
Cyber Risk & Compliance Sr Analyst
will report to the Sr Manager, Cybersecurity. As a member of the compliance team, you will contribute to compliance and governance activities related to multiple frameworks including SOC 2, PCI-DSS and NIST 800-53. The ideal candidate brings a strong understanding of security controls, control design and operating effectiveness testing to the team to facilitate gap assessments, assist with security controls implementation activities, and contribute to enhance the overall compliance and cybersecurity program. The right candidate has a proactive mindset and exhibits accountability for projects and tasks while driving actions across multiple teams. Strong written and verbal communication abilities and exceptional interpersonal skills to promote compliance across teams to achieve results is a must to be successful in this role. The ideal candidate possesses a blend of general technology, security, and audit competencies with an emphasis on critical thinking, data analytics, and a natural desire to drive efforts to their conclusion.Primary Responsibilities:Provide governance over internal assessments and external audits of compliance programs.
Collaborate with cross-functional teams to ensure they are properly implementing and managing security controls, understand their operations, and ensure compliance with standards.
Develop and maintain remediation plans alongside remediation owners, then track the remediation plans through completion.
Monitor and enhance the controls needed to achieve and maintain SOC 2, PCI DSS, HIPAA, NIST 800-53, ISO 27001 or other compliance requirements. Perform controls testing for operating effectiveness.
Manage changes to control frameworks that support our security compliance objectives.
Maintain the tools and processes that keep our compliance monitoring going strong.
Effectively communicate compliance project status, timelines, risk, remediation efforts to stakeholders and leadership.
Help with the development of key reporting metrics and executive presentations to make sure there is always awareness and support of our compliance programs.
Qualifications and Experience:MinimumBachelor’s degree in a related discipline and 6 years’ experience in a related field. The rightcandidate could also have a different combination, such as a master’s degree and 4 years’experience; a Ph.D. and 1 year of experience; or 18 years’ experience in a related field
4+ years of experience working in information security controls, information technology audit, or security risk management.
Ability to communicate with a variety of different stakeholders, from peer team members all the way up to the executive level.
Strong understanding and experience with information security technologies.
Ability to adjust to multiple demands, changing priorities, and rapid change, while keeping a good attitude and multitasking effectively.
PreferredAt least one relevant industry certification such as CISSP, CISM, CRISC, CISA.
Subject Matter Expertise in a minimum of security frameworks such as SOC 2, PCI-DSS, HITRUST, HIPAA, ISO 27001, NIST 800-53, NIST Cybersecurity Framework.
Understanding of security engineering principles.
Professional services audit or consulting background a plus.
Telecom/Cable industry experience a plus
#J-18808-Ljbffr