Cyber Risk And Compliance Manager

Company:
Cox Communications, Inc.
Job Family Group:
Information Technology
Job Profile:
Cyber Risk & Compliance Manager
Management Level:
Manager - Non People Leader
Travel %:
No
Work Shift:
Day (United States of America)
Job Description:
Cox Communications is seeking a Cyber Risk & Compliance Manager who will be responsible for the development and delivery of Cox Communications and acquisition companies' strategic cyber communications program and establishing regular engagement routines with business stakeholders to ensure they understand the objectives of the cyber security program and their role in it, and cyber security awareness and education for employees and contractors. The overall goals are to educate the organizational stakeholders on their role in cybersecurity either by managing their team's role in delivering work or through personal education of users. In collaboration with other members of the department, this position will manage a broad set of activities, including developing strategic communications materials, managing regular meeting cadence with critical stakeholders, delivering internal phishing campaigns, drafting publications, creating and managing website content, facilitating marketing campaigns, creating timelines and infographics; and helping to plan outreach, awareness, and educational events. The Senior Security Consultant will also be responsible for evaluating effectiveness of techniques and resources as appropriate.
Successful candidates will demonstrate strong business acumen and possess a blend of general business, technology, and security competencies. Specifically, this individual will have a versatile background, critical thinking, and analytical capabilities, as well as a proven ability to communicate across organizational boundaries to implement an effective security awareness program.
Key Responsibilities:
Develop and manage the strategic communications routines of the cybersecurity organization using innovative, relevant, and impactful avenues to communicate the message across all levels of the enterprise. This role is charged with increasing leadership and employee's understanding of and accountability for the protection of company people, information, and systems. Ensure strategic objectives of the cybersecurity program are communicated by developing critical materials for:

• Twice a year updates to CEI Chairman and Divisional Presidents and key leadership
• CCI Enterprise Risk Management - Quarterly updates on the 2 top red enterprise risks
• CEI Enterprise Risk Management - 2 times per year
• CISO and key leader presentations to markets and external organizations
• Funding request updates
• Security Risk Committee Updates - EVP/SVP updates 6 times per year
• SCTE/CableLabs materials
• Customer updates as needed
• Coordinate responses and meeting for cyber insurance providers annually
• Advance a strong security culture set forth by the CISO, ensuring adoption across security leadership, business units, and employees.
• Provide liaison support for cybersecurity communications between the Cybersecurity organization and the business.

Drive the security awareness program by setting up formal and informal training and learning programs to increase the awareness and adoption of security awareness capabilities across Cox Communications and expand the program to acquisition companies.

• Develop the strategy, goals, and objectives for the information security training, education, and awareness program.
• Ensure all regulatory and Compliance requirements for security awareness are met.
• Extend beyond regulations to drive behavioral change into the business and inspire a security culture.
• Deliver and measure simulated phishing campaigns, including choosing simulation templates, execution of the campaigns, recording key metrics, and sharing results with leadership.
• Produce periodic, high-quality reports illustrating program status, areas for improvement and success attributes aligning to the business
• Ensure information security program communicates policies and requirements where people know, understand, and can follow them.
• Develop new or identify existing information security training, education, and awareness activities appropriate for company audiences.
• Help organize and delivery security awareness events.
• Build Cox Communication awareness by taking a holistic approach to the information security awareness program using electronic messages, forums, billboards, newsletters, and printed materials that complement each other and build upon previously covered concepts.
• Build relationships with cross-departmental partners to improve the quality of security awareness training across organization, including consultants.
• Create innovative security awareness campaigns using solution providers as well as internally developed materials to leveraged across a diverse employee population (executives, engineering, Cox Business, Care, finance, etc.).
• Coordinate efforts with Public Affairs to develop strategies and maintain consistent messaging across the company.

QUALIFICATIONS AND EXPERIENCE:
Minimum

• Bachelor's degree in a Information Technology field and 6 years' experience in a related field (technology, security, operations, design, or development group).
• Experience writing and designing information security educational material for employees.
• Requires strong oral and written communication skills, with experience in clearly explaining complex information security concepts and technologies for both technical and non-technical audiences leveraging various media.
• Ability to speak to mid to large size groups presenting training and awareness.
• Demonstrates highly effective communications skills with the ability to influence business units
• Ability to manage multiple engagements and prioritize workload.
• Strong problem-solving skills.

Preferred

• Security awareness program development and training or a similar background, preferably in large enterprise.
• Experience writing and designing information security educational material for employees.
• Instructional designer or any skills related to training will be considered a plus.
• Experience running and supporting phishing campaigns and training.
• Experience in designing dashboard to reflect the effectiveness of cybersecurity awareness program.
• Social media, communications and marketing experience will be considered a plus.
• Big four consulting background or Fortune 500 company experience.
• Telecom/Cable or Wireless industry experience.
• Knowledge of IT and security frameworks, such as NIST or CIS.
• At least one relevant industry certification - CISSP, CISM, CISA, etc.

About Us:
Cox Communications is all about creating moments of real human connection; and for employees, that's true both in the workplace and in the problems we solve for customers. From building advertising solutions to unleashing IoT technologies to creating an exceptional experience for customers in our retail locations and online, we're creating a world that is smarter and more connected. Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page. Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.