Director, Comcast Business Information Security

Comcast Philadelphia, PA

About the Job

Business Unit:

It is the responsibility of Comcast Business Information Security Director to plan, direct and coordinate tasks to protect, safeguard and secure company assets.
Successful candidate will be responsible for managing and overseeing the Information Security policies, standards, and practices implemented across Comcast Business' Managed Enterprise Services.

Candidate will:
- Develop initiatives, security strategies, key goals, and activities to integrate policies and guidelines.
- Define Information Security risk management methodologies and processes.
- Collaborate extensively with the leaders and other related functions to ensure implementation of standards for appropriate security checkpoints and encryption methods.
- Lead a cross-functional team and provide security guidance to product owners as it relates to hardware and application systems included in product development
- Develop and implements strategy for functional area(s)
- Assists in the preparation of budgets and forecasts
- Review critical infrastructure to ensure components meet security requirements for data protection
- Select, develop, and evaluate personnel to ensure efficient operations within team
- Manage and supervise third parties (contractors, consultants, etc.) and perform various tasks for company hosted and web-enabled solutions

Primary Motivators
- Protect customer and employee information
- Widespread adoption of security practices and tools
- Balance business and security risk
- Reduce cyber risk with minimal business impact

Additional Responsibilities
- Assist teams with adopting security practices and tools
- Analyze threats / vulnerabilities and how they impact the risk for a given product
- Keep up-to-date w/ changing technology and regulatory landscape
- Lead a team to conduct product security assessments and help with security-oriented projects
- Collaborate with development, operations teams
- Engage with product development on latest security threats, tools, and practices
- Overcome potential barriers between security and business
- Expand relationship network
- Ensure business goals are well understood
- Help prioritize product features / initiatives
- Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary
- Other duties and responsibilities as assigned

- Must have experience interpreting security policies and incorporating security requirements in greenfield and legacy systems.
- Must have knowledge of secure coding practices, static and dynamic application security assessments and analyzing reports to determine remediation path.
- Must have deep understanding risk classification and of the varying levels of risk vulnerability and risk management experience.
- Must have experience establishing security baselines, performing self-audits and reporting risks to management.

- Bachelor's Degree or Equivalent in Technology
- CISSP a plus
- Generally, requires 10+ years related experience

Comcast is an EOE/Veterans/Disabled/LGBT employer