Security Client and Vendor Compliance Lead

The Security Client and Vendor Compliance lead will manage compliance and oversight accountabilities for third party service providers (vendors). This leader will implement and manage boarding/due diligence required for third party service providers and ensure operating effectiveness over time. Oversee internal and external security audits, ensuring remediation plans for identified issues are executed effectively as well as monitor emerging regulations and compliance trends to maintain up-to-date practices. Coordinate with regulatory bodies, auditors, and other stakeholders on security risk-related matters.
This role will drive a culture of continuous improvement for security compliance practices, benchmark the organization's compliance performance against industry peers, and foster innovation in security compliance to address emerging threats.
Key Responsibilities

• Engages with Cox business leaders to ensure understanding and support of security compliance strategy, priorities and initiatives
• Collaborates with the team on effective roadmap development and governance for global initiatives related to security awareness, policy development, client and vendor compliance and overall process improvement
• Establish, maintain and communicate CAI security policies related to third party service providers. Partner with cross-divisional counter parts to ensure alignment, where appropriate, across all Cox divisions.
• Serve as the liaison with External Auditors, Internal Audit, on all significant Compliance issues involving third party service providers.
• Manage all contractual security requirements for third party service providers and present compliance reports to the leadership and executive team
• Provide oversight and guidance over the assessment of broad complex issues, structures potential solutions and drive effective resolution with other senior stakeholders.

Minimum Qualifications

• Bachelor's degree in business, law, or a related field. At least 6 years of experience in compliance, risk management, or related areas, with a minimum of 7 years in a senior leadership role; The right candidate could also have a different combination such as a Master's degree in business, law or related field and 10 years of experience or a PhD and 7 years experience. Master's degree preferred.
• Proactively builds, nurtures and maintains business-focused, long-term working relationships with partners inside and outside of the organization. Demonstrates flexibility when forming and adjusting partnerships to achieve broader goals. Shows willingness to work across boundaries to achieve outcomes addressing business, customer and partner goals and expectations. Demonstrated strong executive presence and communication skills.
• Direct oversight of managing external attestations such as SOC1/SOC2 Reports, as well as managing compliance with GLBA, PCI DSS, GDPR
• Direct experience managing and redlining contractual security requirements and interacting with legal.
• Direct experience with managing international compliance requirements in Europe
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views. Strong presentation and relationship management skills are essential
• Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style. Candidates must have effective persuasion skills, the ability to work effectively at the highest levels of the organization, and will display highly effective networking and influencing skills

Preferred Qualifications

• Ability to make strategic decisions, supervise complex programs, manage and educate highly skilled professionals, and influence other departments relating to security risk and control.
• Solid, pragmatic business acumen with a proven record of creatively solving problems and offering solutions.
• Consultative nature to work through controversial or complex topics to employees, leaders, and/or senior leadership.
• Ability to manage multiple complex projects while meeting all deadlines and manage leaders of teams to achieve optimal results.
• Develop strong and productive working environment with key stakeholders and collaborate closely with other Cox entities' security teams to implement security best practices.
• Relevant industry certification: CISSP, CEH, OSCP, Azure, AWS, CISM, CISA, etc.

USD 119,600.00 - 199,400.00 per year
Compensation:
Compensation includes a base salary of $119,600.00 - $199,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
About Cox Automotive
At Cox Automotive, people of every background are driven by their passion for mobility, innovation and community. We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more. What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today!
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.