Senior Director, Cybersecurity Compliance

Company

Cox Automotive - USA

Information Technology

Sr Director, Cybersecurity

Sr DirectorHybrid - Ability to work remotely part of the week

No

Day

Compensation

Compensation includes a base salary of $192,800.00 - $321,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate’s knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.

The Senior Director of Security Compliance will develop and oversee the organization's global security compliance strategy, aligning compliance initiatives with business objectives and risk tolerance while ensuring adherence to international, regional, and industry-specific compliance frameworks (e.g., GDPR, ISO 27001, NIST, SOC 2, PCI DSS). This role involves developing, implementing, and managing compliance policies and procedures while fostering a culture of compliance across the organization.  This leader will modernize and enhance our formal control framework and establish processes to recertify control ownership and operating effectiveness over time.  The Senior Director will work closely with senior management throughout both the business and the product technology team as well as our many boundary partner teams including Legal, Internal Controls, Risk Management, and Internal Audit to minimize risk and enhance operational integrity.  Oversee internal and external security audits, ensuring remediation plans for identified issues are executed effectively as well as monitor emerging regulations and compliance trends to maintain up-to-date practices.  Act as the primary liaison with regulatory bodies, auditors, and other stakeholders on security risk-related matters.  This role will additionally establish a culture of continuous improvement for security compliance practices, benchmark the organization’s compliance performance against industry peers, and foster innovation in security compliance to address emerging threats.

Key Responsibilities

• Engages with Cox business leaders to ensure understanding and support of security compliance strategy, priorities and initiatives
• Coordinates effective roadmap development and governance for global initiatives related to security awareness, policy development, client and vendor compliance and overall process improvement
• Establish, maintain and communicate CAI security policies.  Partner with cross-divisional counter parts to ensure alignment, where appropriate, across all Cox divisions.  
• Develop and implement a robust internal control framework aligned with industry best practices (e.g., COSO framework).  Design control activities to address identified risks and ensure effective monitoring of key processes.
• Serve as the liaison with External Auditors, Internal Audit, on all significant Compliance issues involving supported function/business/product and oversee implementation of related remediation.
• Manage all contractual security requirements requested by external parties and ensure that compliance obligations are understood, and requirements are documented.  Prepare and present compliance reports to the engineering leaders and executive team
• Provide oversight and guidance over the assessment of broad complex issues, structures potential solutions and drive effective resolution with other senior stakeholders.
• Advise the businesses on an ongoing basis on new function/business/product initiatives, new products, business acquisitions, and client-related matters with respect to applicability of policies, resolution of potential red flags or other client/transaction-related compliance escalations.
• Manage a variety of compliance requirements including external attestations, regulatory requirements, interacting with clients, legal, stakeholders, and outside counsel as appropriate.
• Lead security requirements in obtaining and maintaining breach insurance coordinating with a variety of internal teams as well as our insurance brokers both domestically and internationally.

Minimum Qualifications     

• Bachelor’s degree in business, law, or a related field. At least 12 years of experience in compliance, risk management, or related areas, with a minimum of  7 years in a senior leadership role; The right candidate could also have a different combination such as a  Master's degree in business, law or related field  and 10 years of experience or a PhD and 7 years experience. Master’s degree preferred.
• Ensures that the team's purpose and importance are defined, clarified and understood. Guides the team in setting specific and measurable short- and long-term goals. Builds others' sense of task ownership and self-confidence by helping them generate ideas, make decisions, obtain resources, and overcome barriers.
• Proactively builds, nurtures and maintains business-focused, long-term working relationships with partners inside and outside of the organization. Demonstrates flexibility when forming and adjusting partnerships to achieve broader goals. Shows willingness to work across boundaries to achieve outcomes addressing business, customer and partner goals and expectations.  Demonstrated strong executive presence and communication skills.
• Direct oversight of managing external attestations such as SOC1/SOC2 Reports, as well as managing compliance with GLBA, PCI DSS, GDPR
• Direct experience managing and redlining contractual security requirements and interacting with legal.
• Direct experience with managing international compliance requirements in Europe
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views. Strong presentation and relationship management skills are essential
• Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style. Candidates must have effective persuasion skills, the ability to work effectively at the highest levels of the organization, and will display highly effective networking and influencing skills

Preferred Qualifications     

• Ability to make strategic decisions, supervise complex programs, manage and educate highly skilled professionals, and influence other departments relating to security risk and control. 
• Solid, pragmatic business acumen with a proven record of creatively solving problems and offering solutions.
• Consultative nature to work through controversial or complex topics to employees, leaders, and/or senior leadership.
• Ability to manage multiple complex projects while meeting all deadlines and manage leaders of teams to achieve optimal results.
• Develop strong and productive working environment with key stakeholders and collaborate closely with other Cox entities’ security teams to implement security best practices.  
• Relevant industry certification: CISSP, CEH, OSCP, Azure, AWS, CISM, CISA, etc.

To be employed in this role, you’ll need to clear a pre-employment drug test. Cox Automotive does not currently administer a pre-employment drug test for marijuana for this position. However, we are a drug-free workplace, so the possession, use or being under the influence of drugs illegal under federal or state law during work hours, on company property and/or in company vehicles is prohibited.

The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company’s needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.Through groundbreaking technology and a commitment to stellar experiences for drivers and dealers alike, Cox Automotive employees are transforming the way the world buys, owns, sells – or simply uses – cars. Cox Automotive employees get to work on iconic consumer brands like Autotrader and Kelley Blue Book and industry-leading dealer-facing companies like vAuto and Manheim, all while enjoying the people-centered atmosphere that is central to our life at Cox. Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page. Cox is an Equal Employment Opportunity employer – All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.

Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.