Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast.
Job Summary
Can you learn quickly while interacting with colleagues, end users and Third-Party contacts across all Comcast lines of business, all while having fun?
Are you analytical, with a focus on details? Do you like to learn about risk management frameworks like ISO and NIST 800-53 while working with workflow tools such as ServiceNow?
Do you like to work in a dynamic environment with a lot of interaction on a day-to-day basis with people all across the Comcast national footprint?
If yes, we want to hear from you!
Job Description
• Review the TPSA risk management process from start to finish while completing QA reviews for multiple risk assessments in parallel.
• Ensure processes are properly defined and formally documented for consistent execution.
• Validate compliance with Payment Card Industry (PCI) Data Security Standards (DSS), SOC reports and ISO27001 Certifications as needed during the Third Party security assessment.
• Document risk exceptions when necessary and ensure they obtain proper approval.
• Provide input to Legal on Third Party contracts as requested.
• Obtain an understanding of Comcast’s third party tools used to monitor Third Parties.
• Ensure Third Parties are properly decommissioned during the termination process to remove residual risk to Comcast.
• Create weekly, monthly and ad-hoc reports as needed to represent Key Performance and Risk Indicators as they apply to the Third Party Security Assurance program.
• Identify opportunities for process improvements to deliver increased operational efficiency in the process.
• Participate in projects with a Third Party Security Assurance component and ensure they are delivered on time.
• Participate in creating Business Requirements and User Acceptance Testing for enhancements to current tools such as ServiceNow.
• Respond to internal business partners' questions and provide awareness information on roles and responsibilities.
• Review Third Party Provider contract revisions for compliance requirements.
• Write risk reports and work with vendors to implement remediation responses.
Technical Expertise Required:
• Solid experience in reviewing SOC, ISO and PCI Reports.
• Exposure to Technical skills including audit, business analysis, change management, IT Risk Management, operation systems and data sources knowledge, performance metrics and reporting, technical problem resolution, project management, and vendor management.
• Must be able to communicate with all levels of management both at the bank and at the Third-Party Provider, both in writing and verbally.
• Information Security - Knowledge of information security principles, practices, and technologies to evaluate the security measures of third parties effectively.
• Ability to work with 3rd parties - external communication, ability to influence and work with 3rd parties like vendors & partners (staff Aug., hardware, software, law firms, and other kinds) both in the USA and internationally.
• Communication and Collaboration - Solid communication skills to work with internal stakeholders and third parties to ensure risk management processes are understood.
• Adaptability and Learning - Given the evolving nature of risks, the ability to stay updated on emerging threats and adapt risk management strategies accordingly.
• Documentation and Record Management - Maintaining accurate records of assessments, contracts, and risk management activities for auditing and reporting purposes.
• Audit and Assessment Skills - Proficiency in conducting audits and vulnerability assessments and testing to evaluate the security posture of third parties.
• Data Analysis - Analytical skills to assess data and reports related to third party risk, enabling data-driven decision-making.
• Exposure and basic understanding of the following risk domains/technologies:
  o Database and application security
  o System/Access Administration
  o Infrastructure security / technologies
  o Network Architecture
  o Security Event Logging & Monitoring
  o Key Management/Tokenization
  o Database/Application/Network Layer Secure Protocols
  o Physical and Environmental Security
  o Secure Software/Code Development
  o Change Management
  o Vulnerability Management
Comcast is an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.
Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits to eligible employees. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality - to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.
Education
Bachelor's Degree
While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.
Relevant Work Experience
2-5 Years