Senior Consultant, Technology Audit- Security
Philadelphia , Pennsylvania
October 22, 2017

Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast.

Senior Consultant, Technology Audit (Security) Comcast Assurance and Advisory Team

The Comcast Assurance and Advisory Team (CAAT) is a partner to Comcast's individual businesses including Comcast Cable and NBCUniversal. CAAT performs projects (engagements) year-round to help these groups understand and manage risks to their business and technology. CAAT is a diverse group looking for strategic thinkers and analytical problem-solvers who have a strong desire to grow their careers within a world-class organization. CAAT promotes a culture of integrity, encourages professional development, and provides career path options both within the CAAT department and into Comcast's various business units.
The Senior Consultant plays an active role throughout all stages of an audit engagement, applying an analytical mindset to make a meaningful business impact. A Senior Consultant will demonstrate professional curiosity, a continuous improvement mindset, and the desire and aptitude to rapidly learn new skills. Individuals in this role are comfortable with changes in workload and focus of work, and modify actions to suit business needs. The candidate will also exemplify the highest degree of trust and integrity by continually upholding the principles of professional standards.

Primary Responsibilities:
The Security Senior Consultant's primary responsibilities will be focused on executing engagements covering several areas, including:
-Security Policy, Governance, and Risk Assessment
-Access and Authentication Management
-Threat and Vulnerability Management
-Security Threat Intelligence
-Incident Response Management
-Data Privacy

Senior Consultants are active members of the engagement team throughout each phase (i.e., planning, execution, reporting). With our quarterly engagement cadence and focus on diversifying our talent, Senior Consultants gain broad exposure to our businesses and processes through performance of the following responsibilities:

-Operates within a team or independently to conduct audit engagements across technology areas, which may cover business units from Comcast Corporate, Comcast Cable, and NBCUniversal. Out-of-town travel approximately 25-35%.

-Planning: Assists the team in identifying the project scope and key milestones, which includes researching background information, evaluating metrics, assessing risks, identifying scope areas and designing innovative test procedures. Participates in presenting project plan to CAAT and Business Leadership.

-Execution: Works within assigned scope area to develop and document lines of inquiry and testing procedures and may provide support to junior staff. With manager oversight, interacts with all levels of management and Company employees to fully investigate scope area. Performs testing and works with team to develop impactful audit findings.

-Reporting: Communicates findings by assisting team in developing an Audit Report, which includes recommendations and action plans developed with Business Management. Participates in presenting the Audit Report to CAAT and Business Leadership.

-Development: Uses resources available to develop audit and business skills. Identifies opportunities for improvement to audit methodology, tools, and training. Actively participates in CAAT, Comcast, and other external community activities and service.

Core Responsibilities:
-Stay abreast of current and emerging security risks that could impact the Company.
-Actively participate in engagement planning, execution, and reporting activities including:
-Researching new technologies, understanding existing processes, and referencing recognized security frameworks (e.g. NIST Cybersecurity, ISO 27x, etc.)
-Interfacing with our clients to identify and understand potential risk areas
-Contributing to the definition of final engagement scope
-Documenting meeting minutes
-Analyzing documentation, process information, technical configurations, or other client provided information and documenting the results of analysis
-Clearly articulating the status and results of work performed, both verbal and in written form, to internal management and the client
-Operates effectively and with minimal supervision, if needed, within a team or independently.
-Pursues continuous professional development through internal/external training, certifications and/or continuing education.
-Shares knowledge gained through previous experience and engagements performed with other staff members.
-Conducts interviews, performs controls testing, and documents results.
-Proactively pursues additional industry and business knowledge through training, continuing education, and certifications.
-Develops responsibilities with regards to supervising, coaching, and leading teams as well as individual team members.
-Assists the Supervisor and Manager with developing an approach for each audit including implementing a risk-based approach for each audit, scoping the level of effort associated with each area.
-Evaluates procedures, system controls, security measures, and verification procedures. Benchmarks and assesses controls in 'non-standard' IT Audit areas including Asset Management, and Operational and Incident Management.
-Develops responsibilities with regards to supervising, coaching, and leading teams as well as individual team members.
-Evaluates recommended control gaps and clearly communicates associated risk(s) and recommendation(s) to IA management through written reports and presentations.
-Develops detailed audit reports which summarizes and prioritizes noted control gaps into executive communication points. Operates financial enterprise management software packages.
-Demonstrates a consistently strong work ethic and leads by example on audit projects.
-Participates in planning meetings with Internal Audit management and Company management to assess risks across a variety of technologies including Windows and Unix Operating Systems, databases, financial and operational processing applications, and network devices.
-Performs special projects and related duties, as assigned.
-Consistent exercise of independent judgment and discretion in matters of significance.
-Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
-Other duties and responsibilities as assigned.

Educational, experience, and skill requirements:
-Bachelor's Degree or Equivalent in Information Security, Computer Science, MIS, or a related Engineering discipline with solid academic credentials.
-Generally requires 5-7 years of experience.
-Minimum of 3-5 years of experience in IT audit, consulting or compliance focusing on Information Security is preferred.
-Solid foundational understanding of infrastructure components, including: servers, operating systems, data storage (e.g., SANs, databases), directory services (Active Directory), and networking concepts/protocols.
-Working experience and/or technical knowledge of security technologies such as those related to Access Management, Logging and Monitoring, Vulnerability Management, and other security related processes (e.g. HP Arcsight, Qualys, etc.)
-Working experience and/or technical knowledge of virtualization/cloud/mobile technology (e.g., VMware, Open-Stack, Microsoft, IaaS, PaaS, SaaS, MDM platforms).
-Familiarity with security risk frameworks including, but not limited to: ISO 27000, NIST SP800 Series, COBIT, PCI-DSS, and HIPAA.
-Understanding of programming languages, such as Perl and Python a plus.
-Understanding of data privacy principals a plus.
-Demonstrated ability to work in a complex, dynamic, and fast-paced environment with strong inherent project execution skills, including: prioritizing tasks, balancing workload between multiple projects, anticipating next steps, adapting to changing situations and project scope.
-Willingness and genuine desire to tackle new areas and consistently challenging topics.
-Able to quickly grasp complex subject matter (both technical and business processes) and apply strong analytical skills and business orientation to assessing processes, risks and controls
-Strong interpersonal skills required, including: written and verbal communications, willingness to assist in areas outside of direct assignments when necessary, and commitment to self-improvement and completion of team objectives.
-Professional certification is a plus (e.g., CISSP, CIA, CompTIA, SANS GIAC, etc.).
-Proficient in use of Microsoft Office suite (e.g., Excel, PowerPoint, Visio).

Comcast is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Comcast via-email, the Internet or in any form and/or method without a valid written Statement of Work in place for this position from Comcast HR/Recruitment will be deemed the sole property of Comcast. No fee will be paid in the event the candidate is hired by Comcast as a result of the referral or through other means.

Comcast is an EOE/Veterans/Disabled/LGBT employer

A little about us:
Comcast brings together the best in media + technology. We drive innovation to create the world's best entertainment and online experiences.

Know someone who would be interested in this job? Share it with your network.