Security Client and Vendor Compliance Lead

The Security Client and Vendor Compliance Lead will manage compliance and oversight accountabilities for third-party service providers (vendors). This leader will implement and manage onboarding/due diligence processes for third-party providers and ensure operational effectiveness over time. Responsibilities include overseeing internal and external security audits, ensuring remediation plans are effectively executed, and monitoring emerging regulations and compliance trends to maintain up-to-date practices. The role also involves coordinating with regulatory bodies, auditors, and other stakeholders on security risk-related matters.

This position will foster a culture of continuous improvement in security compliance practices, benchmark the organization's compliance performance against industry peers, and promote innovation to address emerging threats.

1. Engage with Cox business leaders to ensure understanding and support of security compliance strategies, priorities, and initiatives.
2. Collaborate on effective roadmap development and governance for global initiatives related to security awareness, policy development, client and vendor compliance, and process improvement.
3. Establish, maintain, and communicate CAI security policies related to third-party service providers. Partner with cross-divisional counterparts to ensure alignment across all Cox divisions where appropriate.
4. Serve as the liaison with external auditors and internal audit teams on compliance issues involving third-party service providers.
5. Manage all contractual security requirements for third-party providers and present compliance reports to leadership and the executive team.
6. Oversee and guide assessments of complex issues, structure solutions, and drive effective resolutions with senior stakeholders.

• Bachelor's degree in business, law, or a related field, with at least 6 years of experience in compliance, risk management, or related areas, including a minimum of 7 years in a senior leadership role. Alternatively, a Master's degree with 10 years of experience or a PhD with 7 years experience; Master's preferred.
• Proven ability to build and maintain long-term, business-focused relationships, demonstrate flexibility, and work across boundaries to achieve goals. Strong executive presence and communication skills are essential.
• Experience managing external attestations such as SOC1/SOC2 reports, and compliance with GLBA, PCI DSS, GDPR.
• Experience with contractual security requirements, legal interactions, and international compliance (Europe).
• Effective negotiation skills, proactive communication, and strong presentation and relationship management abilities.

• Ability to make strategic decisions, supervise complex programs, and influence security risk management across departments.
• Strong business acumen, problem-solving skills, and a consultative approach to complex topics.
• Ability to manage multiple projects and lead teams effectively.
• Experience working with security teams across organizations to implement best practices.
• Relevant industry certifications such as CISSP, CEH, OSCP, Azure, AWS, CISM, CISA, etc.

Salary range: USD 119,600 - 199,400 per year. Compensation may include additional incentives. Benefits include flexible vacation, paid holidays, wellness hours, and various leave options.