Security Compliance Lead

The Security Compliance lead role involves implementing and managing compliance policies and procedures while fostering a culture of compliance across the organization. This leader will implement and our formal control framework and establish processes to recertify control ownership and operating effectiveness over time. Oversee internal and external security audits, ensuring remediation plans for identified issues are executed effectively as well as monitor emerging regulations and compliance trends to maintain up-to-date practices. Coordinate with regulatory bodies, auditors, and other stakeholders on security risk-related matters. This role will drive a culture of continuous improvement for security compliance practices, benchmark the organization's compliance performance against industry peers, and foster innovation in security compliance to address emerging threats.
Key Responsibilities

• Engages with Cox business leaders to ensure understanding and support of security compliance strategy, priorities and initiatives
• Coordinates effective roadmap development and governance for global initiatives related to security awareness, policy development, client and vendor compliance and overall process improvement
• Establish, maintain and communicate CAI security policies. Partner with cross-divisional counter parts to ensure alignment, where appropriate, across all Cox divisions.
• Develop and implement a robust internal control framework aligned with industry best practices (e.g., COSO framework). Design control activities to address identified risks and ensure effective monitoring of key processes.
• Serve as the liaison with External Auditors, Internal Audit, on all significant Compliance issues involving supported function/business/product and oversee implementation of related remediation.
• Manage all contractual security requirements requested by external parties and ensure that compliance obligations are understood, and requirements are documented. Prepare and present compliance reports to the engineering leaders and executive team
• Provide oversight and guidance over the assessment of broad complex issues, structures potential solutions and drive effective resolution with other senior stakeholders.
• Advise the businesses on an ongoing basis on new function/business/product initiatives, new products, business acquisitions, and client-related matters with respect to applicability of policies, resolution of potential red flags or other client/transaction-related compliance escalations.
• Manage a variety of compliance requirements including external attestations, regulatory requirements, interacting with clients, legal, stakeholders, and outside counsel as appropriate.
• Lead security requirements in obtaining and maintaining breach insurance coordinating with a variety of internal teams as well as our insurance brokers both domestically and internationally.

Minimum Qualifications

• Bachelor's degree in business, law, or a related field. At least 8 years of experience in compliance, risk management, or related areas, with a minimum of 7 years in a senior leadership role; The right candidate could also have a different combination such as a Master's degree in business, law or related field and 10 years of experience or a PhD and 7 years experience. Master's degree preferred.
• Proactively builds, nurtures and maintains business-focused, long-term working relationships with partners inside and outside of the organization. Demonstrates flexibility when forming and adjusting partnerships to achieve broader goals. Shows willingness to work across boundaries to achieve outcomes addressing business, customer and partner goals and expectations. Demonstrated strong executive presence and communication skills.
• Direct oversight of managing external attestations such as SOC1/SOC2 Reports, as well as managing compliance with GLBA, PCI DSS, GDPR
• Direct experience managing and redlining contractual security requirements and interacting with legal.
• Direct experience with managing international compliance requirements in Europe
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views. Strong presentation and relationship management skills are essential
• Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style. Candidates must have effective persuasion skills, the ability to work effectively at the highest levels of the organization, and will display highly effective networking and influencing skills

Preferred Qualifications

• Ability to make strategic decisions, supervise complex programs, manage and educate highly skilled professionals, and influence other departments relating to security risk and control.
• Solid, pragmatic business acumen with a proven record of creatively solving problems and offering solutions.
• Consultative nature to work through controversial or complex topics to employees, leaders, and/or senior leadership.
• Ability to manage multiple complex projects while meeting all deadlines and manage leaders of teams to achieve optimal results.
• Develop strong and productive working environment with key stakeholders and collaborate closely with other Cox entities' security teams to implement security best practices.

USD 119,600.00 - 199,400.00 per year
Compensation:
Compensation includes a base salary of $119,600.00 - $199,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
About Cox Automotive
At Cox Automotive, people of every background are driven by their passion for mobility, innovation and community. We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more. What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today!
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.