Cox Automotive

Security Client and Vendor Compliance Lead at Cox Automotive

Cox Automotive Norcross, Georgia

Job Description

The Security Client and Vendor Compliance Lead will manage compliance and oversight accountabilities for third party service providers (vendors). This leader will implement and manage boarding/due diligence required for third party service providers and ensure operating effectiveness over time. Oversee internal and external security audits, ensuring remediation plans for identified issues are executed effectively as well as monitor emerging regulations and compliance trends to maintain up-to-date practices. Coordinate with regulatory bodies, auditors, and other stakeholders on security risk-related matters.

This role will drive a culture of continuous improvement for security compliance practices, benchmark the organization's compliance performance against industry peers, and foster innovation in security compliance to address emerging threats.

Key Responsibilities

  • Engages with Cox business leaders to ensure understanding and support of security compliance strategy, priorities and initiatives
  • Collaborates with the team on effective roadmap development and governance for global initiatives related to security awareness, policy development, client and vendor compliance and overall process improvement
  • Establish, maintain and communicate CAI security policies related to third party service providers. Partner with cross-divisional counterparts to ensure alignment, where appropriate, across all Cox divisions.
  • Serve as the liaison with External Auditors, Internal Audit, on all significant Compliance issues involving third party service providers.
  • Manage all contractual security requirements for third party service providers and present compliance reports to the leadership and executive team
  • Provide oversight and guidance over the assessment of broad complex issues, structure potential solutions and drive effective resolution with other senior stakeholders.


Minimum Qualifications

  • Bachelor's degree in a related discipline and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 18 years' experience in a related field
  • Proactively builds, nurtures and maintains business-focused, long-term working relationships with partners inside and outside of the organization. Demonstrates flexibility when forming and adjusting partnerships to achieve broader goals. Shows willingness to work across boundaries to achieve outcomes addressing business, customer and partner goals and expectations. Demonstrated strong executive presence and communication skills.
  • Direct oversight of managing external attestations such as SOC1/SOC2 Reports, as well as managing compliance with GLBA, PCI DSS, GDPR
  • Direct experience managing and redlining contractual security requirements and interacting with legal.
  • Direct experience with managing international compliance requirements in Europe
  • Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views. Strong presentation and relationship management skills are essential
  • Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style. Candidates must have effective persuasion skills, the ability to work effectively at the highest levels of the organization, and will display highly effective networking and influencing skills
  • Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship. No OPT, CPT, STEM/OPT or visa sponsorship now or in future


Preferred Qualifications

  • Ability to make strategic decisions, supervise complex programs, manage and educate highly skilled professionals, and influence other departments relating to security risk and control.
  • Solid, pragmatic business acumen with a proven record of creatively solving problems and offering solutions.
  • Consultative nature to work through controversial or complex topics to employees, leaders, and/or senior leadership.
  • Ability to manage multiple complex projects while meeting all deadlines and manage leaders of teams to achieve optimal results.
  • Develop strong and productive working environment with key stakeholders and collaborate closely with other Cox entities' security teams to implement security best practices.
  • Relevant industry certification: CISSP, CEH, OSCP, Azure, AWS, CISM, CISA, etc.


USD 108,800.00 - 181,400.00 per year

Compensation:

Compensation includes a base salary of $108,800.00 - $181,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.

Benefits:

The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.

Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.
