Information Security Risk & Compliance Manager
Department Summary
DISH is a Fortune 200 company that continues to redefine the communications industry. Our legacy is innovation and a willingness to challenge the status quo, including reinventing ourselves. We disrupted the pay-TV industry in the mid-90s with the launch of the DISH satellite TV service, taking on some of the largest U.S. corporations in the process, and grew to be the fourth-largest pay-TV provider. We are doing it again with the first live, internet-delivered TV service - Sling TV - that bucks traditional pay-TV norms and gives consumers a truly new way to access and watch television.
Now we have our sights set on upending the wireless industry and unseating the entrenched incumbent carriers. DISH is transforming the future of connectivity. We're doing it by building the country's first virtualized, standalone 5G wireless network from scratch. The foundation of a connected world, it's a network free of the limitations of the past, and flexible enough to satisfy all the social, economic, and transformative needs of the changing world.
We are driven by curiosity, pride, adventure, and a desire to win - it's in our DNA. We're looking for people with boundless energy, intelligence, and an overwhelming need to achieve, to join our team as we embark on the next chapter of our story.
Opportunity is here. We are DISH.
Job Duties and Responsibilities
DISH Network has an exciting opportunity for a Manager, Information Security Risk & Compliance at our Headquarters location in Englewood, Colorado. The Risk & Compliance Manager is a key leadership role for our Information Security and Governance, Risk, and Compliance (GRC) teams. This position is full-time, permanent, has supervisory duties, is salaried with standard work hours, and requires very little travel. We are looking for someone who can start immediately.
The Risk & Compliance Manager will report to the Sr. Manager, Information Security GRC, and will function as a central Information Security subject matter expert supporting enterprise teams, including managing the team that supports the Risk and Compliance programs. They will work within the GRC team to mature the Risk & Compliance assessment and control requirement program, develop control testing and monitoring capability, and support the onshore/offshore team throughout assessment lifecycles.
Key responsibilities:
- Information Security Risk Management:
- Partner with Business Units to identify, analyze, and mitigate internal and third-party security risk associated with activities executed throughout the enterprise.
- Act as team lead across information security risk management activities including internal and third party risks.
- Supervise teams responsible for assessing, managing, and monitoring internal and external security risk.
- Provide security consultation for new and ongoing enterprise initiatives.
- Consult on defining security policies and best practices.
- Educate and build awareness of security requirements across the organization.
- Improve compliance with security standards and policies across enterprise teams.
- Participate in testing and monitoring of security and privacy controls executed by enterprise teams.
- Lead security enhancement projects focused on new or changing technologies.
- Publish executive-level security reporting across governance, risk, and compliance activities.
- Information Security Compliance Management:
- Design, lead, and execute a Compliance program focused on PCI/CPNI data handling across the enterprise.
- Draft policies/procedures that govern the security of DISH data across the enterprise with a specific focus on compliance requirements.
- Partner with security teams to identify and analyze security requirements to align with compliance standards.
- Track, document and address compliance gaps to ensure timely closure.
- Manage the annual PCI audit including evidence gathering, quality assurance of evidence, coordination of audit resource meetings, and other tasks required to successfully complete the audit.
- Ensure ASV scans and penetration tests are conducted quarterly and annually, respectively, with all remediation activities completed within expected timelines.
- Lead security enhancement projects focused on new or changing compliance requirements.
- Educate and build awareness of compliance requirements.
- Coordinate with Third-Party Risk Management to ensure compliance needs are being addressed and tracked appropriately with third-party vendors.
- Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our compliance needs.
- Continuously improve the compliance program with new information, procedures, or documentation.
- Coach and mentor junior staff.
- Other responsibilities as assigned.
Work attire: Business casual
Working hours: This is a full-time on-site position: 40 hours/week. Days and hours of work are typically Monday through Friday, 8:00 a.m. to 5:00 p.m. or 9:00 a.m. to 6:00 p.m.
Skills, Experience and Requirements
Education and Experience:
- Bachelor's or Master's degree, preferably in computer science or another technical (STEM) field, or an equivalent combination of education and experience in a related discipline, and at least 3-5 years of directly related experience.
- Must understand SOX, PCI, CPNI, CCPA, FACTA, and similar IT Compliance and Privacy regulations.
- Strong understanding of risk mitigation methodologies and regulatory requirements about information security, privacy, and/or data security.
- Experience with compliance audits such as PCI and/or CPNI. Former QSA preferred.
Skills and qualifications:
- Analytical aptitude with an emphasis on investigative, methodical critical questioning, and logical thinking; a data-driven decision maker.
- High-level interpersonal skills.
- Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
- Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
- Professional certification (CISA, CRISC, CISM, CIA, or similar) is highly desired.
- Candidates who apply will be tested in several areas, including verbal/spelling, math/logic, and business problem-solving, and must meet minimum standards to be considered for this position.
- Project Management
- Self-led Learner
- Customer First Mentality
- Strong Adaptability
- Process Documentation Management
- Process Mapping Development
- Presentation Skills
- Multitasking
- Communication with Executives
- Team Leadership
- Can Interpret Regulations and Compliance Requirements
- Thought Leadership
- Cross-functional Team Leadership
- Strategic Thinking and Planning (Team)
- Brand & Team Ambassador
- Expert Risk Management Foundation
- Expert Information Security Foundation
- Expert Security Control Framework Foundation
- Advanced Data Privacy Foundation
- Can Teach/Educate Risk & InfoSec Principles
- Can Consult Business Leaders on Risk and InfoSec Principles
- Can Develop Metric Dashboards
- Experience Contributing Through Others
- Detailed Knowledge of Most GRC Functions
Personality:
- Requires a well-organized, cheerful, and persuasive individual, who can manage multiple priorities at once.
- Must have good meeting management and communication skills to keep conversations focused and productive.
Salary Range
Compensation: $122,000.00/Year - $185,000.00/Year
Compensation and Benefits
We also offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed at DISH Benefits.
The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location. Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check.