Senior Director, Cybersecurity Risk Management

The Senior Director will lead a team of risk management professionals, collaborate with other senior leaders, and report directly to the executive team. The Senior Director of Risk Management will drive the governance and oversight of cyber-related risks within the broader enterprise risk management (ERM) framework. This role will focus on establishing a robust governance structure that integrates cyber risk into the overall risk management strategy, ensuring executive-level visibility and decision-making on critical cyber risks. The successful candidate will provide strategic direction, enable cross-functional collaboration, and enhance risk governance frameworks to ensure that cyber risks are effectively managed within the context of broader business risks.
The Senior Director will lead a team of risk management professionals, collaborate with other senior leaders, and report directly to the executive team. The Senior Director of Risk Management will drive the governance and oversight of cyber-related risks within the broader enterprise risk management (ERM) framework. This role will focus on establishing a robust governance structure that integrates cyber risk into the overall risk management strategy, ensuring executive-level visibility and decision-making on critical cyber risks. The successful candidate will provide strategic direction, enable cross-functional collaboration, and enhance risk governance frameworks to ensure that cyber risks are effectively managed within the context of broader business risks.

• Develop a security risk management framework to identify, assess, prioritize, and mitigate potential security risks by developing and implementing a structured process to continuously monitor and manage threats to CAI's assets, ensuring compliance with relevant regulations and aligning with the organization's risk tolerance; this often involves conducting risk assessments, creating mitigation strategies, and communicating risk information to stakeholders.
• Security Risk Governance Strategy: Develop and oversee the governance structure for integrating cyber risk into the enterprise risk management framework. Ensure that cyber risks are aligned with overall business risks and priorities and that appropriate risk mitigation strategies are in place.
• Risk Reporting and Transparency: Establish key metrics and reporting mechanisms to regularly update Senior Leadership on the organization's cyber risk posture. Provide clear, actionable reporting that connects cyber risks to business outcomes and organizational objectives.
• Risk Committee Engagement: Act as a key advisor to the Risk Oversight bodies, providing insights into cyber risks and their potential impact on business strategy and operations. Facilitate informed decision-making and strategic risk management at the highest level.
• Enterprise Risk Integration: Collaborate with risk management, legal, finance, and other functional teams to ensure that cyber risks are consistently evaluated and integrated into the broader enterprise risk assessments, including financial, operational, and strategic risks.
• Risk Appetite and Tolerance: Work with senior leadership to define and communicate the organization's cyber risk appetite and tolerance levels, ensuring alignment with overall enterprise risk appetite. Ensure that the governance framework supports risk-based decision-making and prioritization.

Minimum Qualifications:

• Bachelor's Degree and 12 years of experience in Information Technology Security, Operations, Risk Management, or Audit. The right candidate could also have a different combination such as a master's degree and 7 years' experience or a PhD and 7 years of experience.
• At least 7 years of experience in Cybersecurity, Technology, Risk Management, or External Audit
• At least 7 years of People Management experience in a leadership role.
• Executive Communication Skills: Proven experience in presenting risk management findings and recommendations to executive committees, risk oversight bodies, and boards of directors. Ability to distill complex information into actionable insights for senior leaders.
• Excellent problem-solving, analytical, and critical thinking skills to effectively respond to shifting priorities, demands and timelines.
• Continuous Improvement and Adaptability: A proactive attitude toward improving cyber risk management processes, incorporating industry best practices, and adapting to the changing threat landscape.
• Leadership and Influence: Demonstrated ability to engage, influence, and collaborate with senior executives and cross-functional teams to drive strategic risk initiatives and foster a risk-aware culture.
• Cyber and Enterprise Risk Management Expertise: Deep understanding of cyber and ERM principles and frameworks (e.g., NIST, ISO, COSO, COBIT) with experience in integrating cyber risks into enterprise risk assessments and processes.
• Cyber Risk Knowledge: Strong expertise in identifying, assessing, and mitigating cyber risks within complex organizations. Ability to translate technical cyber risk into business-relevant language that resonates with senior leadership.

USD 192,800.00 - 321,400.00
Compensation:
Compensation includes a base salary of $192,800.00 - $321,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.
About Cox Automotive
At Cox Automotive, people of every background are driven by their passion for mobility, innovation and community. We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more. What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today!
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.