Executive Director, Vulnerability Management

Comcast Philadelphia, PA

About the Job

Business Unit:

We are looking for an experienced cybersecurity technologist/leader to help lead Comcast's Product Security and Privacy practice. This leader will collaborate with the organization's key stakeholders and the broader Comcast community to develop and deliver upon a security strategy to identify and address areas of risk and ensure the protection of customer and internal data. She/he will leverage their technical expertise and strong business acumen to define objectives, and establish priorities, and appropriate milestones in the development and management of a security strategy, specifically Vulnerability Management. This leader should have broad knowledge/experience in a number of areas related to technology and cyber security. This leader must have broad knowledge/experience in technology and cyber security, use a collaborative approach in influencing senior leadership and their teams in the prioritization of security remediation, and be comfortable/successful in a fast-moving technical environment. The ideal candidate will be collaborative and be comfortable/successful in a fast-moving technical environment. This individual will be a forward-thinking security leader who is dedicated to a rigorous and thoughtful approach to security that is able to be implemented at scale.

- Drive/create the approach to information security that addresses potential vulnerabilities within software product development, software supply chain, technology partnerships and ecosystem
- Drive vulnerability management operations across Comcasts' expansive footprint to ensure timely remediation. This includes asset management, scanning, patch management, vulnerability assessment/tracking, remediation engineering and reporting.
- Build and lead a team of technologists, some of whom will be embedded in product development teams.
- Remain ahead of the curve in terms of security engineering/security related technology and tools.
- Oversight for reporting on metrics, KPIs and SLAs.

- The ideal candidate will be an experienced security technology leader with a strong business acumen. This person will have a passion for leading/influencing teams, improving processes and identifying/executing new secure engineering practices that drive product security innovation.
- A proven track record delivering on a transformation and implementation of a secure engineering best practices throughout the product development process.
- This executive will have a strong grasp in all aspects of security disciplines, demonstrated success with mitigating risks and security threats with solutions that are cost effective, compliant, flexible, and as transparent as possible.
- The ability to empower, collaborate, motivate trust and confidence for his/her security change management program to win the confidence of key stakeholders in a matrixed environment.
- Deep subject matter expertise in the areas of vulnerability management, info security, threat modeling, secure development life cycle, Public Key Infrastructure (PKI), secure engineering practices, and related emerging best practices.

- 15+ years of experience in a secure product engineering, software security product development, and/or software/hardware product security with 5+ years of leadership experience.
- Proven ability to communicate with technology and business leaders.
- Bachelor's degree in related field, master's preferred.
- Exceptional oral and written communication skills.
- Advanced security certifications (CISSP, CSSLP, OSWE, CASS, GPEN, CEH or CISM) are appreciated.

Comcast is an EOE/Veterans/Disabled/LGBT employer