Senior Director of Identity and Access Management (IAM) and Vulnerability Management (VM)

The Senior Director of Identity and Access Management (IAM) and Vulnerability Management (VM) will oversee IAM and VM strategy, solutions delivery, and operations. As the IAM leader, they will manage a team of cybersecurity professionals responsible for CEI's IAM programs, including identity governance, authentication, policy, and privileged access management. In their role as the VM leader, they will strategically guide the VM program, performing continuous vulnerability scanning, reporting, and configuration monitoring across on-premise and multi-cloud environments.
Additionally, this role involves leading efforts and working collaboratively across the organization to advance the organization's zero trust objectives.
This position reports directly to the Chief Information Security Officer of Cox Enterprises.
Responsibilities
Identity and Access Management

• Develop, socialize, and gain alignment on an overall Identity and Access Management (IAM) strategy and framework that includes workforce identity, authentication, and privileged access management.
• Lead IAM operational and platform support teams to define requirements, guardrails, and operating standards for workforce identity (including cloud IAM), authentication/centralized identity providers, and privileged access management (both on-premise and cloud).
• Effectively communicate IAM and Zero Trust concepts and strategies to non-technical partners, fostering a shared understanding of security and identity principles for workforce identity, authentication and privileged access management.
• Establish and implement IAM policies, standards, and procedures, ensuring compliance with applicable laws, regulations, customer expectations, and relevant security frameworks.
• Monitor developments in the IAM security industry including vendor strategies and roadmaps and continuously assess and enhance IAM policies, procedures, and technologies to adapt to evolving threats and business needs.
• Lead the evaluation and potential selection and implementation of emerging technologies and cutting-edge IAM solutions that may replace existing solutions or bring compelling new capabilities to the environment.
• Define appropriate IAM security metrics and provide regular and consolidated reporting to stakeholders.
• Assist new growth businesses with establishing IAM programs including capabilities, reporting, consultation, and processes.

Vulnerability Management

• Provide continuous scanning, identification, and reporting of vulnerabilities throughout on-premise and cloud-based environments.
• Recommend, socialize, and gain consensus on minimum patching and vulnerability mitigation standards and policies.
• When imminent threats or relevant zero-day vulnerabilities are identified, lead rapid vulnerability response efforts.
• Monitor vulnerability mitigation progress and partner with technology teams to provide recommendations for efficient risk remediation or mitigation.
• Provide regular reporting on the current state of vulnerabilities and configurations throughout Cox Enterprises including both on-premise and cloud environments.
• Assist new growth businesses with establishing vulnerability management programs including capabilities, reporting, consultation, and processes.

Leadership

• Hire, train, motivate, guide, grow and develop direct reports and employees. Ensure a participative/engaged work environment that will attract and maintain a workforce of talented and satisfied employees.
• Identify, propose, and influence business solutions, negotiate deliverables and requirements across multiple business customers or organizations.
• Analyze and manage capital and expense budgets.
• Oversee and lead contract negotiations and vendor management.
• Represent the business in key industry groups.

Minimum Qualifications

• Bachelor's degree in a related discipline (i.e. Computer Science, Cybersecurity, Information Technology etc.) or 15 years equivalent experience required in the field of information security with a demonstrated path of increasing scope and management responsibilities.
• 10+ years of experience required in the field of information security with a demonstrated path of increasing scope and management responsibilities.
• 5+ years of experience in IAM leadership roles with a track record of building high-performing teams and driving innovation across the Identity and Access Management discipline
• 2+ years managing or leading an information security vulnerability management function
• Strong understanding of IAM principles, technologies, and standards, including LDAP, SAML, OIDC, OAuth, PKI, FIDO2, and IAM frameworks (e.g., SailPoint, CyberArc, EntraID).
• In-depth knowledge of authentication mechanisms, access control models, and identity governance principles for both on-premise and cloud based infrastructure and services.
• Demonstrated knowledge and expertise in vulnerability assessment, risk management, and cybersecurity frameworks and standards (e.g., NIST, ISO, CIS, OWASP).
• Strong knowledge of vulnerability scanning and analysis and attack surface management tools (e.g., Qualys, Nessus, Rapid7, Tenable, Veracode, Shodan, etc.)
• Ability to make strategic decisions, supervise complex programs, manage, and educate highly skilled professionals, and manage other departments relating to IAM and Vulnerability Management.
• Solid, pragmatic business acumen, proven record of creatively solving problems, and offering solutions.
• Consultative nature to work through controversial or complex topics to employees, leaders, and/or top management.
• Ability to manage multiple complex projects while meeting deadlines and managing leaders of teams to achieve optimal results.
• Develop strong and productive working environment with key stakeholders and collaborate closely with other Cox entities' security teams to implement security best practices.
• Excellent customer service skills, writing and executive presentation skills.
• At least one relevant industry certification: CISSP, CISM, CISA, etc.

Preferred Qualifications

• Advanced degree (MBA / MS)
• 5+ years of experience in a senior management role.

USD 192,800.00 - 321,400.00
Compensation:
Compensation includes a base salary of $192,800.00 - $321,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.