The Program/Project Manager supports the management of PCI DSS and SOC2 audit activities, infrastructure roll-outs, and PoC resource planning. Working within the Comcast Business, Managed Enterprise Solutions (MES) team, this person will understand the contractual and regulatory requirements specified internally and by our Business Customers to ensure that Comcast MES is able to meet them. This will require a broad understanding of the solutions being audited and the efforts necessary to provide evidence of achieving the required controls.
-Must have strong Project/Program Management Skills and current experience with both PCI DSS and SOC2 compliance.
-Must have strong Vendor relationship skills. Prefer familiarity with large consulting firms.
-Works with and organizes cross-functional teams with a variety of different responsibilities to include: Engineering, Compliance Teams, Legal, HR, Finance, Facilities, Accounting, Procurement, etc.
-Works with the Business Solutions/ Sales teams on RFIs/RFPs to ensure that proposals accurately describe the current state of controls for the solutions being offered.
-Works with multiple teams to ensure that contract language in such agreements doesn't overstate the technical and security controls of the company, and works with those teams to modify the language accordingly.
-Works with appropriate teams to ensure that contractually required audits/assessments, e.g. SOC2 and PCI (Service Provider) are performed. This includes working with the appropriate teams to obtain funding and resources to have these audits/assessments performed routinely.
-Working with technology solution teams, works to develop an inventory of 'evidence' that can be used to support our position on the control environment.
-Working through Relationship Managers for the Business Customers, supports the on-going need for periodic questionnaires and/or on-site assessments.
-Develops a methodology to efficiently respond to RFIs, RFPs, questionnaires, or other common inquiries that occur.
-Defines SLAs for overall program deliverables.
-Publish periodic program metrics (Continual Compliance Program) covering associated milestones, deliverables, and success criteria.
-Creates and builds annual program roadmaps.
-Identifies goals and success criteria; drives the development and implementation of key goals, objectives, and success criteria for the program with key stakeholders and the core team. Raises conflicts and resolves them with the appropriate level of management.
-Determines the cost and budget; performs resource forecasting.
-Analyzes areas of risk to avoid risky activities by identifying and managing critical paths and risk areas. Establishes contingency plans, identifies trigger events, and assumes responsibility for initiating corrective actions.
-Identifies and helps the team make program tradeoffs to balance scope, time, and costs. Ensures proper documentation.
-Tracks and manages the program schedule and upstream and downstream dependencies. Analyzes actual performance against the plan and makes adjustments consistent with plan objectives. Drives action item resolution and tracks completion.
-Communicates updates on major milestones and keeps all stakeholders informed of progress and issues. Identifies and manages proposed changes to program parameters.
-Monitors and ensures quality of program deliverables. Leads core team and key field resources to develop and monitor deployment schedule, strategies, and tools.
-Consistent exercise of independent judgment and discretion in matters of significance.
-Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
-Other duties and responsibilities as assigned.
Education Level: Bachelor's Degree or Equivalent
Field of Study: Information Sciences, Technology
Certifications: CISSP, CRISC or CISM, PCIP, PMP
Years of Experience: Generally requires 10+ years working as a Program/Project manager with information security experience, including 5+ years of regulatory requirements and/or audit experience
-Advanced knowledge of network & systems in a large environment
-Ability to understand contracts and legal language
Compliance: Comcast is an EEO/AA/Drug Free Workplace.