Manager, Security Standards And Compliance

Company Summary

Crown Castle works around the country to build and maintain the infrastructure behind the world’s most revolutionary technologies. As the largest shared infrastructure provider in the United States, Crown Castle owns, operates and leases more than 40,000 cell towers, 80,000 small cells and over 80,000 route miles of fiber across every major US market. This nationwide portfolio of communications infrastructure connects cities and communities to essential data, technology and wireless service – bringing information, ideas and innovations to the people and businesses that need them. Crown Castle is a NYSE S&P 500 and Fortune 500 company and one of the largest Real Estate Investment Trusts in the United States with an enterprise value of approximately $110 billion.

Position Title: Manager, Security Standards and Compliance (P4)

Position Summary:The Manager, Security Standards and Compliance role serves as the security governance, risk, and compliance manager responsible for defining, implementing and leading a GRC function on the Enterprise Security team. This position will create the security risk and vulnerability strategy and provide cyber governance and risk management oversight; establishing and managing the security policy framework and relevant standards; overseeing applicable security, privacy, contractual and compliance requirements (i.e. SOC2, MRC, ISO27001, GDPR, CCPA, NIST, DPAs and state/local privacy laws) through strategy development, controls definition and assessment and process oversight.

 

Essential Job Functions

• Directly responsible for policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
• Develop and manage an information security risk and vulnerability management program including development, evaluation, and adherence to multiple areas of practice
• Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the NIST CSF Framework
• Establish and oversee formal risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards
• Identify, assess, manage, and track remediation of risks related to Digital Transformation / IT infrastructure, applications, platforms and suppliers and drive explicit requirements and timelines in all environments
• Develop strong relationships with Crown Castle technology teams as well as Crown Castle business owners and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable
• Liaise with all departments to identify, track and provide remediation guidance for new Digital Transformation and Crown Castle Fiber Engineering projects, services and/or third-party contracts in terms of information security assurance
• Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts
• Develop security compliance strategy and approach and ensure compliance with MRC, SOC2, ISO27001, CCPA, GDPR, local privacy laws, contractual requirements and globally-recognized standards and guidelines
• Establish and oversee formal vulnerability management, penetration testing and security posture assessment programs
• Identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
• Oversee third party assessment standards and privileged user monitoring as a check on critical system access
• Attend training seminars, conferences, and trade shows to broaden knowledge of current and future IT Security Operations issues and technologies.
• Participate in 24x7 Enterprise Security Incident Response team.

Education/Certifications 

• Bachelor’s degree in IT, Management, or Leadership related fields

Experience/Minimum Requirements 

• Five (5) plus years of Cyber Security management work
• Ten (10) plus years of Cyber Security experience
• CISSP preferred
• Strong knowledge of industry frameworks, such as ISO and NIST
• knowledge of OneTrust GRC preferred

Other Skills/Abilities 

• Demonstrated progressive experience in the management of a technical support team
• Proven track record of developing and providing Corporate Security Service Level Agreements
• Solid relationship management and performance management skills
• Ability to motivate and direct staff members and subordinates
• Strong understanding of the organization’s goals and objectives
• Exceptional written and oral communication skills
• Exceptional interpersonal skills, with a focus on listening and questioning skills
• Strong documentation skills
• Ability to conduct research into a wide range of computing issues as required
• Ability to present ideas in user-friendly language to non-technical staff and end users
• Keen attention to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Exceptional customer service orientation
• Experience working in a team-oriented, collaborative environment

Organizational RelationshipReports to: Sr Manager, Threat Management Title(s) of direct reports (if applicable):  Sr Analyst, Standards and ComplianceWorking Conditions: Works in a normal office setting with no exposure to adverse environmental conditions. We offer a hybrid working model with 3 days in local office and up to 2 days working remotely each week.   

 

#LI-MP1