Job Title: Security Client and Vendor Compliance Lead
The Security Client and Vendor Compliance Lead will manage compliance and oversight accountabilities for third-party service providers (vendors). This leader will implement and manage the onboarding and due diligence processes required for third-party service providers and ensure their operational effectiveness over time. Responsibilities include overseeing internal and external security audits, ensuring that remediation plans for identified issues are executed effectively, and monitoring emerging regulations and compliance trends to keep practices up to date. The role also involves coordinating with regulatory bodies, auditors, and other stakeholders on security risk-related matters.
This role will foster a culture of continuous improvement in security compliance practices, benchmark the organization's compliance performance against industry peers, and promote innovation in security compliance to address emerging threats.
Key Responsibilities
- Engage with Cox business leaders to ensure understanding and support of security compliance strategies, priorities, and initiatives.
- Collaborate on effective roadmap development and governance for global initiatives related to security awareness, policy development, client and vendor compliance, and process improvement.
- Establish, maintain, and communicate CAI security policies related to third-party service providers, ensuring alignment across Cox divisions.
- Serve as the liaison with external auditors and internal audit teams on significant compliance issues involving third-party service providers.
- Manage all contractual security requirements for third-party service providers and report compliance status to leadership and the executive team.
- Oversee assessment of complex issues, structure solutions, and drive resolution with senior stakeholders.
Minimum Qualifications
- Bachelor's degree in business, law, or a related field, with at least 6 years of experience in compliance, risk management, or related areas, including 7 years in a senior leadership role. Alternatively, a Master's degree with 10 years of experience, or a PhD with 7 years of experience. Master's degree preferred.
- Proven ability to build and maintain long-term, business-focused relationships and demonstrate flexibility in partnerships. Strong executive presence and communication skills are essential.
- Experience managing external attestations such as SOC1/SOC2 reports and compliance with standards such as GLBA, PCI DSS, and GDPR.
- Experience with contractual security requirements and legal interactions.
- Experience managing international compliance requirements in Europe.
- Effective negotiation, communication, and relationship management skills, with a proactive approach to issues.
Preferred Qualifications
- Ability to make strategic decisions, supervise complex programs, and influence security risk management across departments.
- Strong business acumen and problem-solving skills.
- Consultative approach to addressing complex topics with stakeholders and leadership.
- Ability to manage multiple projects and lead teams effectively.
- Experience collaborating with security teams across organizations to implement best practices.
- Relevant industry certifications such as CISSP, CEH, OSCP, Azure, AWS, CISM, CISA, etc.
Compensation: USD 119,600.00 - 199,400.00 per year, with potential additional incentives.
Benefits: Flexible paid time off, holidays, wellness hours, and other leave options.