Cox Communications
Director, Cybersecurity Vulnerability Management
Cox Communications, Atlanta, Georgia, United States, 30383
Director of Vulnerability Management and Continuous Control MonitoringThe Director of Vulnerability Management and Continuous Control Monitoring leads a team of cybersecurity professionals that provide continuous internal and external vulnerability scanning and reporting, continuous configuration monitoring in on-premise, multi-cloud, and customer network environments, and design and maintenance of a platform that continuously monitors and reports on the state of CCIs critical cyber controls.
The scope of this role is CCI wide and includes enterprise IT, product technologies and customer facing networks (critical infrastructure), and adjacent business units' environments. This leader directs the strategy and operational approach of vulnerability management, including identification and reporting of technical vulnerabilities and misconfigurations across infrastructure supported by application, server, database, network, and product teams. Additionally, this leader will direct the strategy and day to day operations of the cybersecurity team's continuous control monitoring platform for measurement of ongoing compliance with critical cyber controls across all technology environments.
PRIMARY RESPONSIBILITIES AND ESSENTIAL FUNCTIONSVulnerability Management
Lead and mentor a team of cybersecurity professionals that:
Deliver continuous scanning, identification, and reporting of the external facing attack surface throughout on-premise and cloud-based environments across enterprise, product technologies and network.
Provide continuous scanning, identification, and reporting of vulnerabilities throughout on-premises and cloud-based environments across both enterprise and product technologies.
Recommend, socialize, and gain consensus on minimum patching and vulnerability mitigation standards and policies across both enterprise, product and network technology teams and acquisitions.
When imminent threats or relevant zero-day vulnerabilities are identified, escalation of rapid vulnerability response efforts.
Monitor vulnerability mitigation progress and partner with teams to provide recommendations for efficient risk remediation or mitigation.
Provide regular reporting on the current state of vulnerabilities and configurations throughout the entire environment including acquisitions. Partner with M&A teams to ensure rapid deployment of vulnerability scanning and related visibility tools to acquisitions.
Continuous Control Monitoring
Define and execute the vision and strategy for our continuous control monitoring platform and data model that supports our overall critical cybersecurity objectives and priorities.
Lead and mentor a team of engineers who are responsible for developing, testing, and maintaining the continuous control monitoring platform and related data models that integrate data from various cybersecurity and technology sources to report on the current state of critical cyber controls.
Partner with cybersecurity, enterprise, product, and network technology teams on the development of appropriate scoring algorithms and measurement criteria, including defining and setting policies where needed.
Collaborate with engineering and architecture leaders, other cybersecurity leaders, and broader CCI leaders to socialize security requirements for meta data or technical integrations necessary to provide relevant critical cyber control reporting to all layers of the organization.
Design and build consumable and audience appropriate reporting of the state of critical cyber controls for consumption by technology owners, technology managers and directors, cybersecurity leaders, and senior technology and business leaders.
Common Responsibilities Across All Focus Areas
Lead and coordinate large-scale information security projects, including implementation and delivery of infrastructure security scanning, correlation of new cybersecurity data sources and reporting, and workflow and orchestration solutions.
Identify, propose, and influence business solutions, negotiate deliverables and requirements across multiple business customers or organizations.
Partner with other functional groups to develop, manage, track, and analyze operational support structures, tools, methods and procedures to improve process efficacy, inter-team communications, and the customer experience.
Provide leadership and strategic direction for the function, including budgeting capital and operating expenses.
Oversee and lead contract negotiations and vendor management for vulnerability management, continuous control monitoring, and other security capabilities as appropriate.
Responsible for staying abreast of industry leading vulnerability and software security vendors and informing their product roadmaps.
Consult with senior leadership on security threats and incident response practices.
Working knowledge/experience of network systems, security principles, and applications. Fundamental understanding of defense-in-depth and intelligence-driven strategies.
Detailed knowledge of vulnerability management, configuration management, software security, red team concepts, tools and trends. Develop a training program to ensure ongoing education vulnerability management and continuous control monitoring resources.
QUALIFICATIONS AND EXPERIENCE:Minimum
BS/BA degree in a related discipline with 10+ years of experience in a related field, OR a MS/MA degree in a related discipline with 8+ years of experience in a related field, OR a Ph.D. in a related discipline with 5+ years of experience in a related field.
10+ years of experience required in the field of information security with a demonstrated path of increasing scope and management responsibilities.
5+ years managing or leading an Information Security vulnerability management function.
Ability to drive consensus and collaboration among many diverse teams, individuals and functional groups to achieve desired business results.
Excellent interpersonal, leadership, presentation, and collaborative skills to work effectively with teams throughout organization.
Demonstrated track record of both project and operational delivery.
Demonstrated knowledge and expertise in vulnerability assessment, risk management, and cybersecurity frameworks and standards (e.g., NIST, ISO, CIS, OWASP).
Strong knowledge of vulnerability scanning and analysis and attack surface management tools (e.g., Qualys, Nessus, Rapid7, Tenable, Veracode, Shodan, etc.).
At least one relevant industry certification - CISSP, SANS GIAC, C|EH, CISM, CRISC, CISA, CPA.
USD 142,100.00 - 236,800.00 per year
Compensation:Compensation includes a base salary of $142,100.00 - $236,800.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.
About Cox CommunicationsCox Communications is the largest private telecom company in America, serving six million homes and businesses. That's a lot, but we also proudly serve our employees. Our benefits and our award-winning culture are just two of the things that make Cox a coveted place to work. If you're interested in bringing people closer through broadband, smart home tech and more, join Cox Communications today!
About CoxCox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page.
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.
#J-18808-Ljbffr
The scope of this role is CCI wide and includes enterprise IT, product technologies and customer facing networks (critical infrastructure), and adjacent business units' environments. This leader directs the strategy and operational approach of vulnerability management, including identification and reporting of technical vulnerabilities and misconfigurations across infrastructure supported by application, server, database, network, and product teams. Additionally, this leader will direct the strategy and day to day operations of the cybersecurity team's continuous control monitoring platform for measurement of ongoing compliance with critical cyber controls across all technology environments.
PRIMARY RESPONSIBILITIES AND ESSENTIAL FUNCTIONSVulnerability Management
Lead and mentor a team of cybersecurity professionals that:
Deliver continuous scanning, identification, and reporting of the external facing attack surface throughout on-premise and cloud-based environments across enterprise, product technologies and network.
Provide continuous scanning, identification, and reporting of vulnerabilities throughout on-premises and cloud-based environments across both enterprise and product technologies.
Recommend, socialize, and gain consensus on minimum patching and vulnerability mitigation standards and policies across both enterprise, product and network technology teams and acquisitions.
When imminent threats or relevant zero-day vulnerabilities are identified, escalation of rapid vulnerability response efforts.
Monitor vulnerability mitigation progress and partner with teams to provide recommendations for efficient risk remediation or mitigation.
Provide regular reporting on the current state of vulnerabilities and configurations throughout the entire environment including acquisitions. Partner with M&A teams to ensure rapid deployment of vulnerability scanning and related visibility tools to acquisitions.
Continuous Control Monitoring
Define and execute the vision and strategy for our continuous control monitoring platform and data model that supports our overall critical cybersecurity objectives and priorities.
Lead and mentor a team of engineers who are responsible for developing, testing, and maintaining the continuous control monitoring platform and related data models that integrate data from various cybersecurity and technology sources to report on the current state of critical cyber controls.
Partner with cybersecurity, enterprise, product, and network technology teams on the development of appropriate scoring algorithms and measurement criteria, including defining and setting policies where needed.
Collaborate with engineering and architecture leaders, other cybersecurity leaders, and broader CCI leaders to socialize security requirements for meta data or technical integrations necessary to provide relevant critical cyber control reporting to all layers of the organization.
Design and build consumable and audience appropriate reporting of the state of critical cyber controls for consumption by technology owners, technology managers and directors, cybersecurity leaders, and senior technology and business leaders.
Common Responsibilities Across All Focus Areas
Lead and coordinate large-scale information security projects, including implementation and delivery of infrastructure security scanning, correlation of new cybersecurity data sources and reporting, and workflow and orchestration solutions.
Identify, propose, and influence business solutions, negotiate deliverables and requirements across multiple business customers or organizations.
Partner with other functional groups to develop, manage, track, and analyze operational support structures, tools, methods and procedures to improve process efficacy, inter-team communications, and the customer experience.
Provide leadership and strategic direction for the function, including budgeting capital and operating expenses.
Oversee and lead contract negotiations and vendor management for vulnerability management, continuous control monitoring, and other security capabilities as appropriate.
Responsible for staying abreast of industry leading vulnerability and software security vendors and informing their product roadmaps.
Consult with senior leadership on security threats and incident response practices.
Working knowledge/experience of network systems, security principles, and applications. Fundamental understanding of defense-in-depth and intelligence-driven strategies.
Detailed knowledge of vulnerability management, configuration management, software security, red team concepts, tools and trends. Develop a training program to ensure ongoing education vulnerability management and continuous control monitoring resources.
QUALIFICATIONS AND EXPERIENCE:Minimum
BS/BA degree in a related discipline with 10+ years of experience in a related field, OR a MS/MA degree in a related discipline with 8+ years of experience in a related field, OR a Ph.D. in a related discipline with 5+ years of experience in a related field.
10+ years of experience required in the field of information security with a demonstrated path of increasing scope and management responsibilities.
5+ years managing or leading an Information Security vulnerability management function.
Ability to drive consensus and collaboration among many diverse teams, individuals and functional groups to achieve desired business results.
Excellent interpersonal, leadership, presentation, and collaborative skills to work effectively with teams throughout organization.
Demonstrated track record of both project and operational delivery.
Demonstrated knowledge and expertise in vulnerability assessment, risk management, and cybersecurity frameworks and standards (e.g., NIST, ISO, CIS, OWASP).
Strong knowledge of vulnerability scanning and analysis and attack surface management tools (e.g., Qualys, Nessus, Rapid7, Tenable, Veracode, Shodan, etc.).
At least one relevant industry certification - CISSP, SANS GIAC, C|EH, CISM, CRISC, CISA, CPA.
USD 142,100.00 - 236,800.00 per year
Compensation:Compensation includes a base salary of $142,100.00 - $236,800.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.
About Cox CommunicationsCox Communications is the largest private telecom company in America, serving six million homes and businesses. That's a lot, but we also proudly serve our employees. Our benefits and our award-winning culture are just two of the things that make Cox a coveted place to work. If you're interested in bringing people closer through broadband, smart home tech and more, join Cox Communications today!
About CoxCox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page.
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.
#J-18808-Ljbffr