Security Consultant - Third Party Risk Assessment - Cox Communications
June 13, 2018
Full Time - Experienced
United States, Dollar (USD)
Cox Communications is searching for a security consultant who will be a member of the Third-Party Security team. This individual will be primarily responsible for providing and negotiating security obligations for third-party service provider/vendor contracts. Activities include: analyzing the inherent risk of vendor service(s) provided, selecting appropriate security control provisions to include in the contract, collaborating with boundary partners, negotiating redlines, escalating issues as required, and keeping comprehensive notes of contract activities.
In addition, this individual may be called upon to assist in performing due diligence activities on third-party suppliers such as: conducting site audits, interviewing personnel, analyzing vendor provided evidence such as SOC reports, vulnerability scan results, policies and standards, analysis of responses to security questionnaires, etc. This individual will make determinations as to the effectiveness of security controls implemented at a service provider’s organization based on the information that is collected and analyzed.
The result of contract and due diligence activities will be documented and presented to stakeholders for remediation and/or acceptance.
Determine the inherent risk of third-party service(s) and provide appropriate security contractual obligations (i.e., security exhibit) with the applicable vendor agreement.
Participate in contract negotiations with third-party suppliers to ensure that applicable security considerations are incorporated into the contract in accordance with regulatory requirements and corporate security policies.
Collaborate with Supply Chain Management and Legal departments to provide advice and guidance regarding information security provisions within a given contract agreement.
Participate in meetings, prepare risk consideration reports, and maintain electronic and paper documentation.
Ensure that any/all redlines from third-party service providers are reviewed and approved by Legal prior to agreement.
Update and maintain internal reporting, network folders, and department databases as required.
Conduct risk assessments within third party supplier and partner organizations to determine the effectiveness of their respective information security controls.
Coordinate and conduct on-site visits with service providers to validate the implementation and effectiveness of physical, technical and administrative safeguards. Travel approximately 10%.
Analyze responses to in-depth information security questionnaires that are completed by new and existing service providers.
Interview key third-party supplier personnel (i.e., CISO, Developers, Operations, etc.) in person, over WebEx, and on conference calls to gain additional insight and/or clarify responses to completed questionnaires.
Review evidence provided by the third party supplier to ensure effective implementation of described controls such as internal and external audit reports, PEN test results, policies, standards, procedures, onboarding and termination processes, etc.
Identify strengths and weaknesses within a third-party supplier’s information security program and determine whether the respective controls are adequate or require improvement.
Document results in a formal report and present information to key technology and business process stakeholders to promote awareness and determine remediation requirements.
Owns work process / issues from inception through execution and implementation involving boundary partners wherever needed.
Nature of work requires increasing independence; receives guidance only on unusual, complex problems or issues. Work review typically involves periodic review of output by supervisor and/or direct “customers” of the process.
Possess and apply a broad knowledge of principles, practices, and procedures of particular field of specialization to the completion of moderately complex assignments. Solid knowledge of technologies and practices.
The role requires a balance of both technical and interpersonal skills, and the ideal candidate must effectively manage their time and workload.
Where knowledge may not be readily available, incumbents at this level know how and where to research and what information is necessary to document.
7 or more years of direct experience conducting third party security due diligence assessments.
Prior experience providing and negotiating information security provisions within third-party agreements.
Prior experience conducting information security due diligence of third-party suppliers.
Experience with creating and executing SQL queries.
Extensive knowledge in assessing the risks and security posture of suppliers.
Experience participating in industry events and experience as a representative on an industry-wide committee.
Recognition for knowledge and expertise in certain technical domains.
About Cox Communications
Cox Communications is a broadband communications and entertainment company, providing advanced digital video, Internet, telephone and home security and automation services over its own nationwide IP network. Cox Business is a facilities-based provider of voice, video and data solutions for commercial customers, and Cox Media is a full-service provider of national and local cable spot and digital media advertising. Cox is known for its pioneering efforts in broadband, voice and commercial services, industry-leading customer care and its outstanding workplaces. More information about Cox Communications, a wholly owned subsidiary of Cox Enterprises, is available at www.cox.com and www.coxmedia.com.
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
From the valued customers we connect through our innovative communications services, to the employees we unite through exciting career opportunities, Cox is all about bringing people together and enhancing their lives.
The third-largest U.S. cable company, Cox serves approximately 6 million residences and businesses.
Cox is known for its pioneering efforts in cable, telephone and commercial services, industry-leading customer care, and its outstanding workplaces. We are always looking for talented professionals to join our team! Cox offers competitive salaries, an excellent benefits package (healthcare and 401k matching) and a best-in-class working environment.
For nine years, Cox has been recognized as the top operator for women by Women in Cable Telecommunications; Cox has ranked among DiversityInc's Top 50 Companies for Diversity 11 times.