Job Summary
Can you learn quickly while interacting with colleagues, end users and Third-Party contacts across all Comcast lines of business, all while having fun?
Are you analytical with a focus on details? Do you like to learn about risk management frameworks like ISO and NIST 800-53 while working with workflow tools such as ServiceNow?
Do you like to work in a dynamic environment with a lot of interaction on a day-to-day basis with people all across the Comcast national footprint?
If yes, we want to hear from you!
Job Description
• Review the TPSA risk management process from start to finish while completing QA reviews for multiple risk assessments in parallel.
• Ensure processes are properly defined and formally documented for consistent execution.
• Validate compliance with Payment Card Industry (PCI) Data Security Standards (DSS), SOC reports and ISO27001 Certifications as needed during the Third Party security assessment.
• Document risk exceptions when necessary and ensure they obtain proper approval.
• Provide input to Legal on Third Party contracts as requested.
• Obtain an understanding of Comcast’s third party tools used to monitor Third Parties.
• Ensure Third Parties are properly decommissioned during the termination process to remove residual risk to Comcast.
• Create weekly, monthly and ad-hoc reports as needed to represent Key Performance and Risk Indicators as they apply to the Third Party Security Assurance program.
• Identify opportunities for process improvements to deliver increased operational efficiency in the process.
• Participate in projects with a Third Party Security Assurance component and ensure they are delivered on time.
• Participate in creating Business Requirements and User Acceptance Testing for enhancements to current tools such as ServiceNow.
• Respond to internal business partners' questions and provide awareness information on roles and responsibilities.
• Review Third Party Provider contract revisions for compliance requirements.
• Write risk reports and work with vendors to implement remediation responses.
Technical Expertise Required:
• Solid experience in reviewing SOC, ISO and PCI Reports.
• Exposure to technical skills including audit, business analysis, change management, IT Risk Management, operating systems and data sources knowledge, performance metrics and reporting, technical problem resolution, project management, and vendor management.
• Must be able to communicate with all levels of management both at the bank and at the Third-Party Provider, both in writing and verbally.
• Information Security - Knowledge of information security principles, practices, and technologies to evaluate the security measures of third parties effectively.
• Ability to work with 3rd parties – external communication, ability to influence and work with 3rd parties like vendors & partners (staff Aug., hardware, software, law firms, and other kinds) both in the USA and internationally.
• Communication and Collaboration – Solid communication skills to work with internal stakeholders and third parties to ensure risk management processes are understood.
• Adaptability and Learning - Given the evolving nature of risks, the ability to stay updated on emerging threats and adapt risk management strategies accordingly.
• Documentation and Record Management: Maintaining accurate records of assessments, contracts, and risk management activities for auditing and reporting purposes.
• Audit and Assessment Skills - Proficiency in conducting audits and vulnerability assessments and testing to evaluate the security posture of third parties.
• Data Analysis - Analytical skills to assess data and reports related to third party risk, enabling data-driven decision-making.
• Exposure and basic understanding of the following risk domains/technologies:
  o Database and application security
  o System/Access Administration
  o Infrastructure security / technologies
  o Network Architecture
  o Security Event Logging & Monitoring
  o Key Management/Tokenization
  o Database/Application/Network Layer Secure Protocols
  o Physical and Environmental Security
  o Secure Software/Code Development
  o Change Management
  o Vulnerability Management
We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality—to help support you physically, financially and emotionally through the big milestones and in your everyday life.
Please visit the benefits summary on our careers site for more details.
Education
Bachelor's Degree
While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.
Certifications (if applicable)
Relevant Work Experience
2-5 Years
Comcast is an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.