Cyber Risk and Compliance Manager

This Senior Security Consultant is responsible for the development and delivery of Cox Communications and acquisition companies' strategic cyber communications program and establishing regular engagement routines with business stakeholders to ensure they understand the objectives of the cyber security program and their role in it, and cyber security awareness and education for employees and contractors. The overall goals are to educate the organizational stakeholders on their role in cybersecurity either by managing their team's role in delivering work or through personal education of users. In collaboration with other members of the department, this position will manage a broad set of activities, including developing strategic communications materials, managing regular meeting cadence with critical stakeholders, delivering internal phishing campaigns, drafting publications, creating and managing website content, facilitating marketing campaigns, creating timelines and infographics; and helping to plan outreach, awareness, and educational events. The Senior Security Consultant will also be responsible for evaluating effectiveness of techniques and resources as appropriate.

Successful candidates will demonstrate strong business acumen and possess a blend of general business, technology, and security competencies. Specifically, this individual will have a versatile background, critical thinking, and analytical capabilities, as well as a proven ability to communicate across organizational boundaries to implement an effective security awareness program.

PRIMARY RESPONSIBILITIES AND ESSENTIAL FUNCTIONS :

• Develop and manage the strategic communications routines of the cybersecurity organization using innovative, relevant, and impactful avenues to communicate the message across all levels of the enterprise. This role is charged with increasing leadership and employee's understanding of and accountability for the protection of company people, information, and systems.
  • Ensure strategic objectives of the cybersecurity program are communicated by developing critical materials for:
    • Twice a year updates to CEI Chairman and Divisional Presidents and key leadership
    • CCI Enterprise Risk Management - Quarterly updates on the 2 top red enterprise risks
    • CEI Enterprise Risk Management - 2 times per year
    • CISO and key leader presentations to markets and external organizations
    • Funding request updates
    • Security Risk Committee Updates - EVP/SVP updates 6 times per year
    • SCTE/CableLabs materials
    • Customer updates as needed
  • Coordinate responses and meeting for cyber insurance providers annually
  • Advance a strong security culture set forth by the CISO, ensuring adoption across security leadership, business units, and employees.
  • Provide liaison support for cybersecurity communications between the Cybersecurity organization and the business.
• Drive the security awareness program by setting up formal and informal training and learning programs to increase the awareness and adoption of security awareness capabilities across Cox Communications and expand the program to acquisition companies.
  • Develop the strategy, goals, and objectives for the information security training, education, and awareness program.
  • Ensure all regulatory and compliance requirements for security awareness are met.
  • Extend beyond regulations to drive behavioral change into the business and inspire a security culture.
  • Deliver and measure simulated phishing campaigns, including choosing simulation templates, execution of the campaigns, recording key metrics, and sharing results with leadership.
  • Produce periodic, high-quality reports illustrating program status, areas for improvement and success attributes aligning to the business
  • Ensure information security program communicates policies and requirements where people know, understand, and can follow them.
  • Develop new or identify existing information security training, education, and awareness activities appropriate for company audiences.
  • Help organize and delivery security awareness events.
  • Build Cox Communication awareness by taking a holistic approach to the information security awareness program using electronic messages, forums, billboards, newsletters, and printed materials that complement each other and build upon previously covered concepts.
  • Build relationships with cross-departmental partners to improve the quality of security awareness training across organization, including consultants.
  • Create innovative security awareness campaigns using solution providers as well as internally developed materials to leveraged across a diverse employee population (executives, engineering, Cox Business, Care, finance, etc.).
  Coordinate efforts with Public Affairs to develop strategies and maintain consistent messaging across the company.
  

QUALIFICATIONS AND EXPERIENCE:

Minimum

• Bachelor's degree in a related discipline and 6 years' experience in a related field (technology, security, operations, design, or development group). The right candidate could also have a different combination, such as a master's degree and 4 years' experience; a Ph.D. and 1 year of experience; or 10 years' experience in a related field
• Experience writing and designing information security educational material for employees.
• Requires strong oral and written communication skills, with experience in clearly explaining complex information security concepts and technologies for both technical and non-technical audiences leveraging various media.
• Ability to speak to mid to large size groups presenting training and awareness.
• Demonstrates highly effective communications skills with the ability to influence business units
• Ability to manage multiple engagements and prioritize workload.
Strong problem-solving skills.

Preferred

• Security awareness program development and training or a similar background, preferably in large enterprise.
• Experience writing and designing information security educational material for employees.
• Instructional designer or any skills related to training will be considered a plus.
• Experience running and supporting phishing campaigns and training.
• Experience in designing dashboard to reflect the effectiveness of cybersecurity awareness program.
• Social media, communications and marketing experience will be considered a plus.
• Big four consulting background or Fortune 500 company experience.
• Telecom/Cable or Wireless industry experience.
• Knowledge of IT and security frameworks, such as NIST or CIS.
At least one relevant industry certification - CISSP, CISM, CISA, etc.

USD 105,700.00 - 176,100.00 per year

About Cox Communications

Cox Communications is the largest private telecom company in America, serving six million homes and businesses. That's a lot, but we also proudly serve our employees. Our benefits and our award-winning culture are just two of the things that make Cox a coveted place to work. If you're interested in bringing people closer through broadband, smart home tech and more, join Cox Communications today!

About Cox

Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!

Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .

Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.

Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.