Sr. Director Corporate Info Security

Comcast Philadelphia, PA

About the Job

Business Unit:

Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast.

The Sr. Director serves as a leader within Comcast's Global CISO organization, and acts as a central point of contact for Comcast's Global

Risk Office (GRO). This position has the responsibility to define Comcast's enterprise security risk strategy, set the enterprise security risk management and threat management approaches, oversee the highest security risk initiatives and serve as a point of escalation for remediation efforts, provide risk-based guidance forvulnerability management, and conduct security risk and capability evaluations in support of M&A activity.

Essential Duties and Key Responsibilities:

- Security Risk Strategy

- Develop an enterprise security risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels (in collaboration with the Global Risk Office)

- Define standard security risk management, reporting and treatment approaches

- Contribute to the enterprise security roadmap by providing a risk-based lens to ensure initiatives are appropriately prioritized and sequenced, and aligned with enterprise risk management (ERM)

- Conduct security risk and capability evaluations in support of M&A activity

- Security Risk and Threat Management Approach

- Define enterprise security risk management and threat management approaches

- Oversee ongoing security risk evaluation process including risk identification, defining thresholds & tolerances, prioritization based on exposure and potential impact, and active follow-up for high priority risks

- Ensure security risk management aligns with the GRO change control process

- Relate security risks to business risks and communicate threats and priorities with internal Audit & Risk

- Oversee highest risk initiatives and serve as a point of escalation for remediation / mitigation efforts

- Develop escalation mechanism for risk and performance metrics that are beyond the tolerance limits

Vulnerability Management

Collaborate with the Executive Director of Security Compliance and Policy to execute a security risk exception treatment process where the business can decide on the risk acceptance / waiver process based on risk appetite

Own special risk and vulnerability assessments

Define and track the overall compliance baseline

Experience and Skills:

- Knowledge of risk management approaches and leading practices

- Knowledge of current and emerging security risks, ideally within the media and telecommunications industries

- Experience developing a comprehensive risk strategy and management approach across a diverse set of businesses and technology environments

- Experience structuring risk assessments and driving mitigation with business and technology risk owners

- Highly collaborative with ability to articulate ideas and influence peers and senior leaders

- Strong analytical and critical thinking skills, and excellent written and oral communication & presentation skills

Comcast is an EOE/Veterans/Disabled/LGBT employer