Lead Analyst, Security Compliance

Comcast Advertising is driving the TV advertising industry forward, from delivering ads to linear and digital audiences to pioneering the tech that makes it possible. We help brands connect with their audiences on every screen using advanced data, technology, and premium video content. Our media sales division helps local, regional, and national brands reach potential customers through multiscreen TV advertising. Our ad tech division FreeWheel provides comprehensive adtech that makes it easier to buy and sell premium video advertising across all screens, data types, and sales channels.
Job Summary
The Lead Security Compliance Analyst serves as the subject matter expert for all security and privacy policies, standards, and controls applicable to Comcast Advertising technology. As part of the Security and Privacy Management team within the Technology, Experience, and Services organization, they are responsible for ensuring compliance with security and privacy requirements for both new and existing technologies, applications, and systems. The ideal candidate maintains subject matter expertise of both internal and industry security and privacy best practices, identifies areas of non-compliance, and implements strategies to close the gaps. They build and strengthen relationships with stakeholders across the business and can translate complex security and privacy requirements into specific objectives. They participate in architecture, design, and development meetings to ensure all security and privacy requirements are incorporated into technology. They act as a key contributor in a dynamic and crucial technology environment.
Job Description
Core Responsibilities

• Review and provide feedback on policies, standards, guidelines, and best practices.
• Assess control design and effectiveness in order to ensure proper alignment of requirements across teams, as well as provide feedback on control gaps.
• Create a process for identifying and implementing controls around new/updated security policies while also reinforcing security awareness for those changes.
• Establish, document, and broadly communicate security best practice norms to the technology organization, outlining how to create, maintain, enforce, and deprecate security controls in line with enterprise requirements.
• Work with technical engineering and product management partners to assist in the development of Agile features based off security and privacy requirements.
• Act as security lead on projects and initiatives ensuring teams complete all required security and privacy tasks per project phase.
• Lead internal Security Review Boards to identify upcoming projects, track active projects, and coordinate across teams on the requirements for each project.
• Collaborate with both internal and external teams to support audits and examinations
• Develop strong partnerships with internal and external technology teams including engineering, data, infrastructure, and cloud.
• Consistent exercise of independent judgment and discretion in matters of significance.
• Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) and overtime as necessary.
• Other duties and responsibilities as assigned.

Requirements

• Bachelor's degree in computer science, technology, risk management or related field, or equivalent work experience.
• 4+ years of experience in governance, risk, and compliance function.
• Experience in security frameworks such as NIST, ISO, HIPAA or HiTrust and regulatory compliance reporting such as PCI and/or SOX.
• Experience or foundational knowledge of security and cloud architecture.
• Expert experience in policy and exception management.
• Experience managing risk and compliance function in a cloud computing environment.
• Strong analytical, organization, time management, facilitation, and process management skills.
• Demonstrated high level of written, verbal, and interpersonal skills to communicate technical and non-technical information, ideas, procedures, and processes.
• CISA, CGEIT, CISSP or CRISC certification preferred.

Employees at all levels are expected to:

• Understand our Operating Principles; make them the guidelines for how you do your job.
• Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
• Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
• Win as a team - make big things happen by working together and being open to new ideas.
• Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
• Drive results and growth.
• Respect and promote inclusion & diversity.
• Do what's right for each other, our customers, investors and our communities.

Disclaimer:

• This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.

Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law. Comcast will consider for employment applicants with arrest or conviction records in accordance with the requirements of applicable law, including the San Francisco Fair Chance Ordinance, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Please note that federal state, or local laws and regulations may restrict or prohibit Comcast from hiring individuals convicted of certain crimes. Additionally, an applicant's criminal history may have a direct, adverse, and negative relationship on the job duties of this position, which may result in the withdrawal of a conditional offer of employment.
Skills:
Stakeholder Collaboration; Security Development Lifecycle; Security Compliance
Salary:
National Pay Range: $76,365.90 USD-$178,982.58 USD
Comcast intends to offer the selected candidate base pay within this range, dependent on job-related, non-discriminatory factors such as experience. The application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later.
The application window is 30 days from the date job is posted, unless the number of applicants requires it to close sooner or later.
Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits to eligible employees. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality - to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.
Education
Bachelor's Degree
While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.
Relevant Work Experience
7-10 Years