Comcast Sr. Compliance Analyst in Wayne, Pennsylvania
Comcast Spotlight, the advertising sales division of Comcast Cable, helps put the power of cable to use for local, regional and national advertisers. It is focused on providing multi-platform marketing solutions to reach audiences most effectively and efficiently. Headquartered in New York with offices throughout the country, Comcast Spotlight has a presence in nearly 80 markets with approximately 35 million owned and represented subscribers.
Comcast Spotlight offers clients easy-to-buy, easy-to-execute options customized around their business goals. We work with clients to provide them with customized, multi-screen media marketing solutions that utilize our suite of products in the way that's best suited to meet their objectives. Our media solutions provide advertisers with the ability to reach, engage and connect with their customers viewing content on any device or screen.
Responsible for incorporating operational and compliance monitoring of security controls and policies, review of security logs, reconciling security events, escalation of security violations, risk assessment and risk management principles. Supports the IT Policy and Compliance office and provides technical and collaborative incident responses for IT Security Operations. Has in-depth experience, knowledge and skills in own discipline. Usually determines own work priorities. Acts as resource for colleagues with less experience.
- Oversees and assists with internal and external IT/security audit program development, coordination, and remediation. Coordinates internal/external vulnerability scans and assessments. Reviews results and tracks remediation.
- Ensures evidence collection methods are conducted, managed, and archived in a manner consistent with provided guidelines, to maintain preservation and protection of data and evidence
- Creates policies and procedures related to the Information Security processes. Provides security requirements support for new projects and technology initiatives.
- Inspects the state of IT security controls, routinely reviews security logs, responds to security alerts, reconciles security events, escalates policy violations, assists with IT forensic investigations, and inspects security configurations of IT systems.
- Identify opportunities for process and control improvement. Manage scoping, planning and execution of improvement tasks, including implementation of automation tools and techniques.
- Develops consistent and repeatable processes to increase efficiency of tasks and other requests. Summarizes investigation findings for higher-level investigators and/or management.
- Works diligently with other parties to ensure security and compliance issues are addressed and resolved in a timely fashion.
- Compiles metrics for information security incidents and requests to allow for trending to assist in reviews of current processes, identify awareness needs, and facilitate measurement of continuous improvement.
- Ensures security controls are properly administered and maintained. Participates in the implementation of IT security controls aiming at protecting company information assets. Performs regular risk analysis to proactively identify and assesses potential items of risk and opportunities of vulnerability in the IT environment.
- Maintains compliance programs, IT Exception reviews, audit comment closure, and continuous monitoring activities.
- Perform data analysis and validation testing on behalf of management to ensure Completeness & Accuracy of computer generated audit evidence.
- Develops, publishes, and communicates Security Operating procedures and guidelines along with IT policies and standards.
- Consistent exercise of independent judgment and discretion in matters of significance.
- Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
- Other duties and responsibilities as assigned.
- Generally requires 5-7 years related experience
- Bachelors Degree or Equivalent
- CISAcertification preferred. Other related certifications are a plus (ITIL foundations, CRISC, CGEIT, CISM, etc)
- 5-7 years of experience related to Regulatory/IT Audit SOX, PCI, and GDPR. Big 4 Audit Experience preferred.
- Understanding of technology control frameworks and methodologies such as COBIT, NIST, and ITIL.
- Kaizen, Six Sigma or other Process Improvement experience is a plus
Employees at all levels are expected to:
- Understand our Operating Principles; make them the guidelines for how you do your job
- Own the customer experience-think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services
- Know your stuff-be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences
- Win as a team-make big things happen by working together and being open to new ideas
- Be an active part of the Net Promoter System-a way of working that brings more employee and customer feedback into the company-by joining huddles, making call backs and helping us elevate opportunities to do better for our customers
- Drive results and growth
- Respect and promote inclusion and diversity
- Do what's right for each other, our customers, investors and our communities
Comcast is an EOE/Veterans/Disabled/LGBT employer