The Security Risk Lead is responsible for identifying, assessing, and mitigating risks related to the organization's information technology and cybersecurity practices. This role involves developing and implementing cybersecurity risk management strategies, ensuring compliance with relevant regulations, and fostering a culture of risk awareness across the organization.
Responsibilities :
- Assist business line leadership with identifying, assessing, controlling, mitigating, and communicating risks associated with business processes and decisions. Evaluate the root cause, the corrective action plans, and work with business partners Technology teams to successfully implement and document remediation
- Support the business in the development of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)
- Keep the Business aware of the risk and control environment of the Business through continuous and open communication, by preparing and hosting meetings with Senior Management to present and follow-up on issues, concerns, and corrective action plans.
- Provide oversight and governance to the assigned business unit regarding its control environment including change activities (both business and regulatory change)
- Execute, facilitate and monitor risk governance mechanisms, including but not limited to, Compliance Risk and Control Self-Assessment (C-RCSA), Risk and Control Self-Assessment (RCSA), key risk indicators, policies, risk committees and other elements of the Enterprise Risk Framework
Qualifications:
- Bachelor's degree in information technology, cybersecurity, or a related field; Master's degree preferred.
- Minimum of 4 years of experience in cybersecurity and risk management roles.
- Strong understanding of IT security frameworks and regulatory requirements.
- Experience with reporting platform tools (ServiceNow experience preferred), including workflow creation, dashboard creation, and optimization.
- Executive Communication Skills: Proven experience in communicating and presenting risk management findings.
- Excellent problem-solving, analytical, and critical thinking skills to effectively respond to shifting priorities, demands and timelines.
- Cyber and Enterprise Risk Management Expertise: Deep understanding of cyber and ERM principles and frameworks (e.g., NIST, ISO, COSO, COBIT) with experience.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Risk and Information Systems Control (CRISC) are preferred.
USD 119,600.00 - 199,400.00 per year
Compensation:
Compensation includes a base salary of $119,600.00 - $199,400.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
About Cox Automotive
At Cox Automotive, people of every background are driven by their passion for mobility, innovation and community. We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more. What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today!
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.
