Security Client and Vendor Compliance Lead

Cox

Chamblee (GA)

On-site

USD 119,000 - 200,000

Full time

30+ days ago

Job summary

A leading company is seeking a Security Client and Vendor Compliance Lead to manage compliance and oversight for third-party service providers. The role involves implementing onboarding processes, overseeing audits, and fostering a culture of continuous improvement in security compliance practices. Candidates should have a strong background in compliance, risk management, and leadership, with relevant industry certifications preferred.

Benefits

Flexible paid vacation
Seven paid holidays
Up to 160 hours of paid wellness leave annually
Bereavement leave
Voting leave
Jury duty leave
Volunteer leave
Military leave
Parental leave

Qualifications

  • At least 6 years of experience in compliance, risk management, or related areas.
  • Experience managing international compliance requirements in Europe.
  • Proven ability to build and maintain long-term, business-focused relationships.

Responsibilities

  • Manage compliance and oversight accountabilities for third-party service providers.
  • Oversee internal and external security audits and ensure remediation plans.
  • Collaborate on developing and governing global security awareness and policy development.

Skills

Communication
Negotiation
Relationship Management
Problem Solving

Education

Bachelor’s degree in business, law, or related field
Master’s degree
PhD

Tools

SOC1/SOC2
GLBA
PCI DSS
GDPR
CISSP
CEH
OSCP
Azure
AWS
CISM
CISA

Job description

The Security Client and Vendor Compliance Lead will manage compliance and oversight accountabilities for third-party service providers (vendors). This leader will implement and manage onboarding/due diligence processes required for third-party service providers and ensure operational effectiveness over time. They will oversee internal and external security audits, ensuring remediation plans for identified issues are effectively executed, and monitor emerging regulations and compliance trends to maintain up-to-date practices. Additionally, they will coordinate with regulatory bodies, auditors, and other stakeholders on security risk-related matters.

This role will foster a culture of continuous improvement in security compliance practices, benchmark the organization’s compliance performance against industry peers, and promote innovation in security compliance to address emerging threats.

Key Responsibilities

  1. Engage with Cox business leaders to ensure understanding and support of security compliance strategy, priorities, and initiatives.
  2. Collaborate on developing and governing global security awareness, policy development, client and vendor compliance, and process improvement initiatives.
  3. Establish, maintain, and communicate CAI security policies related to third-party service providers, ensuring alignment across Cox divisions where appropriate.
  4. Serve as the liaison with External and Internal Auditors on all significant compliance issues involving third-party service providers.
  5. Manage contractual security requirements for third-party providers and report compliance status to leadership and executives.
  6. Oversee assessment of complex issues, structure solutions, and drive resolution with senior stakeholders.

Minimum Qualifications

  • Bachelor’s degree in business, law, or related field with at least 6 years of experience in compliance, risk management, or related areas, and a minimum of 7 years in a senior leadership role. Alternatively, a Master’s degree with 10 years of experience or a PhD with 7 years of experience. Master’s preferred.
  • Proven ability to build and maintain long-term, business-focused relationships, demonstrating flexibility and cross-boundary collaboration. Strong executive presence and communication skills are essential.
  • Experience managing external attestations such as SOC1/SOC2, and compliance with GLBA, PCI DSS, GDPR.
  • Experience negotiating contractual security requirements and working with legal teams.
  • Experience managing international compliance requirements in Europe.
  • Effective negotiation, communication, and relationship management skills, with a proactive approach to issues.

Preferred Qualifications

  • Ability to make strategic decisions, oversee complex programs, and influence security risk management across departments.
  • Strong business acumen with creative problem-solving skills.
  • Consultative approach for handling complex topics with various stakeholders.
  • Capability to manage multiple projects and lead teams effectively.
  • Ability to foster productive stakeholder relationships and collaborate on security best practices.
  • Relevant industry certifications such as CISSP, CEH, OSCP, Azure, AWS, CISM, CISA, etc.

Compensation: USD 119,600.00 - 199,400.00 per year. The salary varies based on location, experience, and qualifications. Additional incentive compensation may be available.

Benefits: Flexible paid vacation, seven paid holidays, up to 160 hours of paid wellness leave annually, and other leave options including bereavement, voting, jury duty, volunteer, military, and parental leave.
