Security Client and Vendor Compliance Lead

Cox

Scottdale (GA)

On-site

USD 119,000 - 200,000

Full time

30+ days ago

Job summary

A leading company is seeking a Security Client and Vendor Compliance Lead to manage compliance for third-party service providers. This role involves overseeing audits, coordinating with regulatory bodies, and fostering a culture of continuous improvement in security compliance practices. The ideal candidate will have extensive experience in compliance and risk management, strong communication skills, and a strategic mindset.

Benefits

Flexible vacation
Paid holidays
Up to 160 hours of paid wellness leave annually

Qualifications

  • At least 6 years of experience in compliance, risk management, or related areas.
  • Experience managing external attestations such as SOC1/SOC2 reports.

Responsibilities

  • Engage with business leaders to ensure understanding of security compliance strategy.
  • Manage contractual security requirements for third-party service providers.

Skills

Communication
Negotiation
Relationship Management

Education

Bachelor's degree in business, law, or related field
Master’s degree
PhD

Tools

CISSP
CEH
OSCP
Azure
AWS
CISM
CISA

Job description

The Security Client and Vendor Compliance Lead will manage compliance and oversight accountabilities for third-party service providers (vendors). This leader will implement and manage onboarding/due diligence required for third-party service providers and ensure operating effectiveness over time. They will oversee internal and external security audits, ensuring remediation plans for identified issues are executed effectively, and monitor emerging regulations and compliance trends to maintain up-to-date practices. Additionally, they will coordinate with regulatory bodies, auditors, and other stakeholders on security risk-related matters.

This role will foster a culture of continuous improvement in security compliance practices, benchmark the organization’s compliance performance against industry peers, and promote innovation in security compliance to address emerging threats.

Key Responsibilities

  1. Engage with Cox business leaders to ensure understanding and support of security compliance strategy, priorities, and initiatives.
  2. Collaborate on effective roadmap development and governance for global initiatives related to security awareness, policy development, client and vendor compliance, and process improvement.
  3. Establish, maintain, and communicate CAI security policies related to third-party service providers. Partner with cross-divisional counterparts to ensure alignment across Cox divisions where appropriate.
  4. Serve as the liaison with External Auditors and Internal Audit on significant compliance issues involving third-party service providers.
  5. Manage contractual security requirements for third-party service providers and present compliance reports to leadership and the executive team.
  6. Oversee assessment of complex issues, structure solutions, and drive resolution with senior stakeholders.

Minimum Qualifications

  • Bachelor's degree in business, law, or a related field, with at least 6 years of experience in compliance, risk management, or related areas, and a minimum of 7 years in a senior leadership role. Alternatively, a Master’s degree with 10 years of experience or a PhD with 7 years of experience. Master’s degree preferred.
  • Proven ability to build and maintain long-term, business-focused relationships internally and externally, demonstrating flexibility and willingness to work across boundaries. Strong executive presence and communication skills.
  • Experience managing external attestations such as SOC1/SOC2 reports, and compliance with GLBA, PCI DSS, GDPR.
  • Experience managing contractual security requirements and interacting with legal teams.
  • Experience with international compliance requirements in Europe.
  • Effective negotiation skills, proactive communication, and strong presentation and relationship management abilities.

Preferred Qualifications

  • Ability to make strategic decisions, manage complex programs, and lead highly skilled professionals.
  • Strong business acumen with a creative approach to problem-solving.
  • Consultative skills to navigate complex topics with employees and leadership.
  • Ability to manage multiple projects and lead teams to achieve results.
  • Collaborative approach to security best practices across entities.
  • Relevant industry certifications such as CISSP, CEH, OSCP, Azure, AWS, CISM, CISA, etc.

Compensation: USD 119,600.00 - 199,400.00 per year. Compensation includes a base salary within this range, potentially supplemented by incentives, depending on location, experience, and skills.

Benefits: Includes flexible vacation, paid holidays, up to 160 hours of paid wellness leave annually, and additional leave options such as bereavement, voting, jury duty, volunteer, military, and parental leave.
