Veteran Jobs

Crown Castle


Manager, Security Standards and Compliance (Project Management)



Position Title: Manager, Security Standards and Compliance (P4)

Company Summary: 

Crown Castle is the nation's largest provider of shared communications infrastructure: towers, small cells and fiber. It all works together to meet unprecedented demand—connecting people and communities and transforming the way we do business. Whenever you make a call, track a workout or stream music and videos, we're the ones providing the communications infrastructure that makes it all possible. From 5G and the internet of things to drones, autonomous vehicles and AR/VR, we enable the technologies that help people stay safe, connected and ready for the future. Crown Castle is publicly traded on the New York Stock Exchange (CCI), is part of the S&P 500 and is one of the largest Real Estate Investment Trusts in the US.

We offer a total benefits package and professional growth development for teammates in any stage of their career. Along with caring for our teammates, we're an active member in the communities where we live, work and do business. We have a responsibility to give back, which we do through our Connected by Good program. Giving back allows us to improve public spaces where people connect, promote public safety and advance access to education and technology. 

Position Summary:
The Manager, Security Standards and Compliance role serves as the security governance, risk, and compliance manager responsible for defining, implementing and leading a GRC function on the Enterprise Security team. This position will create the security risk and vulnerability strategy and provide cyber governance and risk management oversight; establish and manage the security policy framework and relevant standards; and oversee applicable security, privacy, contractual and compliance requirements (i.e. SOC2, MRC, ISO27001, GDPR, CCPA, NIST, DPAs and state/local privacy laws) through strategy development, controls definition and assessment, and process oversight.
Essential Job Functions
  • Directly responsible for policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
  • Develop and manage an information security risk and vulnerability management program including development, evaluation, and adherence to multiple areas of practice
  • Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the NIST CSF Framework
  • Establish and oversee formal risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards
  • Identify, assess, manage, and track remediation of risks related to Digital Transformation / IT infrastructure, applications, platforms and suppliers and drive explicit requirements and timelines in all environments
  • Develop strong relationships with Crown Castle technology teams as well as Crown Castle business owners and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable
  • Liaise with all departments to identify, track and provide remediation guidance for new Digital Transformation and Crown Castle Fiber Engineering projects, services and/or third-party contracts in terms of information security assurance
  • Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts
  • Develop security compliance strategy and approach and ensure compliance with MRC, SOC2, ISO27001, CCPA, GDPR, local privacy laws, contractual requirements and globally-recognized standards and guidelines
  • Establish and oversee formal vulnerability management, penetration testing and security posture assessment programs
  • Identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
  • Oversee third party assessment standards and privileged user monitoring as a check on critical system access
  • Attend training seminars, conferences, and trade shows to broaden knowledge of current and future IT Security Operations issues and technologies.
  • Participate in 24x7 Enterprise Security Incident Response team.

Education/Certifications

  • Bachelor's degree in IT, Management, or Leadership related field

Experience/Minimum Requirements

  • Five (5) plus years of Cyber Security management work
  • Ten (10) plus years of Cyber Security experience
  • CISSP preferred
  • Strong knowledge of industry frameworks, such as ISO and NIST

Other Skills/Abilities 

  • Demonstrated progressive experience in the management of a technical support team
  • Proven track record of developing and providing Corporate Security Service Level Agreements
  • Solid relationship management and performance management skills
  • Ability to motivate and direct staff members and subordinates
  • Strong understanding of the organization's goals and objectives
  • Exceptional written and oral communication skills
  • Exceptional interpersonal skills, with a focus on listening and questioning skills
  • Strong documentation skills
  • Ability to conduct research into a wide range of computing issues as required
  • Ability to present ideas in user-friendly language to non-technical staff and end users
  • Keen attention to detail
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Exceptional customer service orientation
  • Experience working in a team-oriented, collaborative environment

Working Conditions: This is a remote role with the expectation of on-site/in-person collaboration with teammates and stakeholders for moments that matter. 

Compensation: The pay range offered for this position is $118,800 - $163,300 annually. A candidate's offer is determined by various factors including but not limited to, depth of experience, role-related knowledge and skills, relevant education or training, internal alignment, and work location. Depending on the position offered, the compensation package may also include incentive compensation opportunities in the form of a discretionary annual cash bonus or commissions, and equity incentives. Employees (and their families) are eligible for medical, dental, vision, and basic life insurance. Employees are able to enroll in our company's 401k plan. Employees will also receive a minimum of 18 days of paid time off each year and 12 paid holidays throughout the calendar year.

If you are interested in joining our team, please visit the Crown Castle careers site (crowncastle.com/careers) to apply. We do not accept resumes from agencies, headhunters, or other third-party suppliers who have not signed a formal agreement with us. This position will remain posted until filled.

Organizational Relationship

Reports to: CISO

Title(s) of direct reports (if applicable): Analysts (2)

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

Information Technology


© 2025 Veteran Jobs