Director, Governance Risk and Compliance
Job Description
Job Summary
As a leader on the Governance Risk and Compliance team, you will be part of the larger Technology Experience and Services team whose focus is delivering operational excellence to technology operations by providing teammates with exceptional care. The Director Governance Risk and Compliance (GRC) is responsible for managing all aspects of technology compliance and risk including policy and governance, risk management, regulatory compliance, awareness and outreach, business continuity, and data governance and protection. This is a hands-on leadership position where you will be responsible for directing a team of GRC professionals, building relationships with internal and external stakeholders, and providing risk and compliance visibility to leadership.
Core Responsibilities
- Oversee activities to develop or demonstrate reasonable assurance that security and privacy policies, procedures, programs, operations, and controls are within accepted risk tolerances, and comply with regulatory, or applicable industry standards.
- Define approaches to correct security and privacy deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
- Conduct research to understand emerging security risks and consult with technology and vendor owners on design and implementation of controls in alignment with new or changing industry standards and regulations.
- Drive continuous improvement of governance, risk and compliance strategies and program to ensure Effectv remains in line with best practices.
- Provide consulting across Effectv GRC, Corporate Security and Effectv Technology by leading or participating in various audits or assessments.
- Oversee the company’s privacy program in accordance with applicable federal and state laws by investigating and acting on privacy requests across all locations and jurisdictions.
- Oversee the company’s business continuity program and resiliency practices in accordance with applicable federal and state laws and standards (i.e., ISO 22301) for all locations and jurisdictions.
- Oversee the company’s third-party risk management program to administer and establish measurement, identify and evaluate response options, and provide information to enable adequate risk-response by leadership.
- Oversee the company’s retention policies to maintain an effective records management system and to comply with third party and customer agreements.
- Establish, document, and broadly communicate security policy management norms to the technology organization, outlining how to create, maintain, enforce, and deprecate security controls in line with enterprise policy requirements.
- Formulate strong partnership with internal and external technology teams including applications, infrastructure, and cloud.
- Participate in the administrative processes for Human Resources including hiring and promotions.
- Consistent exercise of independent judgment and discretion in matters of significance.
- Regular, consistent, and punctual attendance. Must be able to work nights and weekends, variable schedule(s) and overtime as necessary.
- Other duties and responsibilities as assigned.
Requirements:
- Bachelor’s degree in computer science, Accounting/Finance, or related field, or equivalent work experience
- 10+ years of experience in a governance, risk, and compliance function with at least 3 years of people leadership experience
- Experience in security frameworks such as NIST CSF and HIPAA or HITRUST as well as regulatory compliance reporting for PCI and SOX.
- Experience managing a risk and compliance function within a cloud computing environment.
- Experience working with compliance tracking technologies such as ServiceNow.
- Strong analytical, organization, time management, facilitation, and process management skills
- Demonstrated high level of written, verbal, and interpersonal skills to communicate technical and non-technical information, ideas, procedures, and processes.
- CISA, CGEIT, CISSP or CRISC certification preferred.
Employees at all levels are expected to:
- Understand our Operating Principles; make them the guidelines for how you do your job.
- Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
- Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
- Win as a team - make big things happen by working together and being open to new ideas.
- Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
- Drive results and growth.
- Respect and promote inclusion & diversity.
- Do what's right for each other, our customers, investors, and our communities.
Disclaimer:
This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications.
Comcast is an EOE/Veterans/Disabled/LGBT employer.
Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law. Comcast will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law, including the Los Angeles Fair Chance Initiative for Hiring Ordinance and the San Francisco Fair Chance Ordinance.
Education
Bachelor's Degree
While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.
Relevant Work Experience
10 Years +
Salary:
National Pay Range: $105,500.68 USD-$247,267.22 USD
Comcast intends to offer the selected candidate base pay within this range, dependent on job-related, non-discriminatory factors such as experience.
Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.
Date Posted
10/20/2023