Senior Director, Security Governance, Risk & Compliance (GRC) and Mergers & Acquisitions (M&A) Cybersecurity

The Senior Director of Security Governance, Risk & Compliance (GRC) and Mergers & Acquisitions (M&A) Cybersecurity will oversee a multi-functional organization responsible for information risk and compliance programs, securing new strategic investments, and ensuring exemplary data protection across the enterprise.
As the leader of Security Governance Risk and Compliance (GRC), this individual will strategically direct Cox Enterprises' (CEI) information security risk and compliance programs, ensuring that the organization remains compliant with all current requirements. They will collaborate with emerging business entities to manage regulatory and security compliance needs and lead transformative efforts to implement controls, technologies, processes, and policies to meet new security compliance objectives.
In their capacity as the leader of M&A Cybersecurity, this role will strategically guide the establishment of effective cybersecurity programs and capabilities at CEI growth companies to ensure adequate protections for these investments. The leader will oversee risk management, governance, strategic roadmaps, and security capability deployments where appropriate. Additionally, they will participate in cybersecurity due diligence and post-acquisition processes for new investments. This role involves maintaining key relationships at all levels within the scope of these companies.
Key success factors include the ability to partner with, influence, and lead both directly and cross-functionally across the organization. The leader must also effectively communicate risk and secure buy-in on risk remediation efforts across CEI and associated growth companies.
This position reports directly to the Chief Information Security Officer of Cox Enterprises.
Primary Responsibilities:

• Oversee the entirety of the cybersecurity risk, governance, and compliance programs across Cox Enterprises and majority owned growth companies.
• Responsible for the critical cyber controls program including technical support of the monitoring capabilities and driving continuous improvement with control owners.
• Direct the Third-Party Risk Management and Human Risk Management (awareness, testing, training) programs for CEI and in scope growth companies.
• Oversee cyber due diligence and post-acquisition process for new acquisitions.
• Develop and execute cybersecurity roadmaps for new growth companies.
• Enable new growth companies with cyber capabilities, services, and solutions deployments.
• Develop and maintain executive level and working level relationships at each majority owned new growth company for the purposes of security program development, security risk and governance, and aligning support for security objectives.
• Ensure executives and other senior leaders across CEI and growth companies understand their role in security risk management for the enterprise and are provided visibility to these risks on a regular basis.
• Direct the information risk management program development and ongoing management to support mitigation of key business risks.
• Ensure that fellow security teams are developing, implementing, and refining key cybersecurity and compliance metrics that allow the business and senior leaders to understand the state of current security risks.
• Hire, train, motivate, guide, grow and develop direct reports and employees. Ensure a participative/engaged work environment that will attract and maintain a workforce of talented and satisfied employees.
• Educate and negotiate with business leadership and management and to ensure successful development, deployment, and ROI on security solutions.
• Develop strong and productive working environment with key stakeholders and collaborate closely with other Cox entities' security teams to implement security best practices.
• Represent the business in key industry groups.
• Performs other related duties as assigned.

Minimum Qualifications:

• Bachelor's degree in a related discipline and 14 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 12 years' experience; a Ph.D. and 9 years' experience in a related field; or 18 years' experience in a related field12+ years of experience required in the field of information security with a demonstrated path of increasing scope and management responsibilities.
• 5+ years managing or leading an Information Security Risk Management function.
• Knowledge and experience in security compliance programs and relevant security frameworks - Payment Card Industry compliance, ISO 27001/2, NIST, privacy laws including CCPA, GDPR and related state and federal programs and legislation.
• Proven experience with corporate security, compliance, and audit programs.
• Ability to make strategic decisions, supervise complex programs, manage, and educate highly skilled professionals, and manage other departments relating to security risk and control.
• Solid, pragmatic business acumen, proven record of creatively solving problems, and offering solutions.
• Consultative nature to work through controversial or complex topics to employees, leaders, and/or top management.
• Ability to manage multiple complex projects while meeting all deadlines and manage leaders of teams to achieve optimal results.
• Excellent customer service skills, writing and executive presentation skills.
• Relevant industry certification: CISSP, CISM, CISA, etc.

Preferred:

• Advanced degree (MBA / MS).
• 5+ years of experience in a senior management role.
• Experience in national critical infrastructure industries (telecommunications, financial services, defense, government, etc.).

USD 192,800.00 - 321,400.00
Compensation:
Compensation includes a base salary of $192,800.00 - $321,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.