We are looking for an experienced cybersecurity technologist and leader to help lead Comcast's Product Security and Privacy practice. This leader will collaborate with the organization's key stakeholders and the broader Comcast community to develop and deliver upon a security strategy to identify and address areas of risk and ensure the protection of customer and internal data. She/he will demonstrate their technical expertise and business sense to define objectives, and establish priorities, and appropriate milestones in the development and management of the strategy, specifically Vulnerability Management. This leader should have broad experience within a number of areas related to technology and cyber security. He/She will use a collaborative approach in influencing senior leadership and their teams in the prioritization of security remediation, and be comfortable in a fast paced technical environment. This individual will be a forward-thinking security leader who is dedicated to a rigorous and thoughtful approach to security that is able to be implemented at scale.
- Drive/create the approach to information security that addresses potential vulnerabilities within software product development, software supply chain, technology partnerships and ecosystem
- Drive vulnerability management operations across Comcasts' expansive footprint to ensure timely remediation. This includes asset management, scanning, patch management, vulnerability assessment/tracking, remediation engineering and reporting.
- Remain ahead of the curve in terms of security engineering/security related technology and tools.
- Oversight for reporting on metrics, KPIs and SLAs.
- Establish and drive processes for elevated threat response when a particular vulnerability requires specific attention/oversight.
- Assist in the integration and use of threat intelligence in the vulnerability management process
- Establish, drive and optimize vulnerability management processes such as exceptions and extensions.
- The ideal candidate will be an experienced security technology leader with strong business insight. This person should have a passion for leading/influencing teams, improving processes and identifying/executing new secure engineering practices that drive product security innovation.
- A proven track record delivering on a transformation and implementation of a secure engineering best-practices throughout the product development process.
- This executive will have a solid grasp in all aspects of security disciplines, demonstrated success with mitigating risks and security threats with solutions that are cost effective, compliant, flexible, and as transparent as possible.
- The ability to empower, collaborate, motivate trust and confidence for his/her security change management program to win the confidence of key partners in a matrixed environment.
- Deep domain expertise in the areas of vulnerability management, info security, threat modeling, secure development life cycle, Public Key Infrastructure (PKI), secure engineering practices, and related emerging standards.
- 10+ years of experience in a secure product engineering, software security product development, and/or software/hardware product security with 5+ years of leadership experience.
- Shown ability to communicate with technology and business leaders. Outstanding oral and written communication skills.
- Bachelor's degree in related field, master's preferred.
- Advanced security certifications (CISSP, CSSLP, OSWE, CASS, GPEN, CEH or CISM) are appreciated.
Comcast is an EOE/Veterans/Disabled/LGBT employer