Security Engineer 3
Comcast
5 - 7 years
Chennai
Posted: 16/01/2025
Job Description
Job Summary
In this role: You will review security controls and/or compliance measures associated with Third Party Providers contracted by Comcast.
• Review the TPSA risk management process from start to finish while completing QA reviews for multiple risk assessments in parallel.
• Ensure processes are properly defined and formally documented for consistent execution.
• Validate compliance with Payment Card Industry (PCI) Data Security Standards (DSS), SOC reports and ISO27001 Certifications as needed during the Third Party security assessment.
• Document risk exceptions when necessary and ensure they obtain proper approval.
• Provide input to Legal on Third Party contracts as requested.
• Obtain an understanding of Comcast’s third party tools used to monitor Third Parties.
• Ensure Third Parties are properly decommissioned during the termination process to remove residual risk to Comcast.
• Create weekly, monthly and ad-hoc reports as needed to represent Key Performance and Risk Indicators as they apply to the Third Party Security Assurance program.
• Identify opportunities for process improvements to deliver increased operational efficiency in the process.
• Participate in projects with a Third Party Security Assurance component and ensure they are delivered on time.
• Participate in creating Business Requirements and User Acceptance Testing for enhancements to current tools such as ServiceNow.
• Respond to internal business partners' questions and provide awareness information on roles and responsibilities.
• Review Third Party Provider contract revisions for compliance requirements.
• Write risk reports and work with vendors to implement remediation responses.
Job Description
• Solid experience in reviewing SOC, ISO and PCI Reports.
• Exposure to technical skills including audit, business analysis, change management, IT Risk Management, operation systems and data sources knowledge, performance metrics and reporting, technical problem resolution, project management, and vendor management.
• Must be able to communicate with all levels of management, both at the bank and at the Third-Party Provider, both in writing and verbally.
• Information Security - Knowledge of information security principles, practices, and technologies to evaluate the security measures of third parties effectively.
• Ability to work with 3rd parties – external communication, ability to influence and work with 3rd parties like vendors & partners (staff Aug., hardware, software, law firms, and other kinds) both in the USA and internationally.
• Communication and Collaboration – Solid communication skills to work with internal stakeholders and third parties to ensure risk management processes are understood.
• Adaptability and Learning - Given the evolving nature of risks, the ability to stay updated on emerging threats and adapt risk management strategies accordingly.
• Documentation and Record Management - Maintaining accurate records of assessments, contracts, and risk management activities for auditing and reporting purposes.
• Audit and Assessment Skills - Proficiency in conducting audits and vulnerability assessments and testing to evaluate the security posture of third parties.
• Data Analysis - Analytical skills to assess data and reports related to third-party risk, enabling data-driven decision-making.
• Exposure to and basic understanding of the following risk domains/technologies:
  o Database and application security
  o System/Access Administration
  o Infrastructure security / technologies
  o Network Architecture
  o Security Event Logging & Monitoring
  o Key Management/Tokenization
  o Database/Application/Network Layer Secure Protocols
  o Physical and Environmental Security
  o Secure Software/Code Development
  o Change Management
  o Vulnerability Management
What you can expect:
• A cool and casual work environment with chances to showcase your skills.
• A culture of innovation and continuous learning.
• Training, support, and mentoring to expand and evolve your expertise.
• Opportunities to impact the security of Comcast products in millions of homes and businesses.
What we require:
• Bachelor’s degree or equivalent. Interest in obtaining Risk Certification preferred.
• 5+ years of related experience.
• 4+ years within Vendor Review / Operational Review / Audit.
Compliance Disclaimer:
• Comcast is an EEO/AA/Drug Free Workplace.
• Comcast NBCUniversal is an equal opportunity, Veterans, Disabled and LGBT employer.
Skills
We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality—to help support you physically, financially and emotionally through the big milestones and in your everyday life.
Please visit the benefits summary on our careers site for more details.
Education
Bachelor's Degree
While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.
Certifications (if applicable)
Relative Work Experience
5-7 Years
Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.
About Company
Comcast is a telecommunications company offering cable TV, broadband, and phone services. It also owns NBCUniversal and produces content for television, movies, and streaming. Comcast is investing in next-gen technologies like 5G and broadband expansion to improve service accessibility.