Principal, Cybersecurity Eng 1

DIRECTV is seeking a seasoned cybersecurity leader to serve as Principal, Cybersecurity Engineering with a focus on Governance, Risk, and Compliance. This is a high-impact role responsible for shaping and sustaining DIRECTV's cybersecurity posture across multiple critical domains. The ideal candidate will lead the development and enforcement of security policies, manage third-party vendor risk, drive security awareness initiatives, and provide GRC expertise in support of mergers and acquisitions activity. This role operates with a high degree of autonomy and serves as an escalation point and subject matter authority for complex GRC matters. The successful candidate will work cross-functionally with Legal, Procurement, HR, and executive leadership, including the CSO organization, while also mentoring junior cybersecurity team members and driving program maturity across the enterprise. Here's what you'll do: Governance, Risk, and Compliance Program Leadership * Adapts and maintains DIRECTV security guidance, policies, and standards based on the NIST Cybersecurity Framework (CSF), ensuring alignment with DIRECTV's Official Security Standard (DOSS) and evolving regulatory and threat landscapes. * Supports the implementation and ongoing oversight of GRC mechanisms including monitoring of control effectiveness, compliance reporting, and audit preparation activities. * Contributes to the DIRECTV Security Governance Committee processes by providing GRC subject matter expertise and policy recommendations. * Develops and maintains documentation supporting accurate regulatory compliance reporting and internal audit readiness. Supplier Information Security Management * Develops, maintains, and enforces Supplier Information Security Requirements (SISR) to ensure third-party vendors and partners meet DIRECTV's security standards. * Manages ongoing supplier security relationships, including conducting security assessments, tracking remediation activities, and escalating risk findings to appropriate stakeholders. * Collaborates with Procurement, Legal, and business teams to embed security requirements into vendor contracts and onboarding processes. Security Awareness and Phishing Simulation Program * Designs, executes, and evaluates phishing simulation campaigns using Proofpoint and related security awareness platforms in alignment with DOSS requirements (GV-SAT-8). * Analyzes simulation results and awareness assessment data to identify organizational risk trends and recommend targeted training interventions. * Coordinates with HR and business units to ensure security awareness training is current, relevant, and completed by all required personnel (GV-SAT-2, GV-SAT-6). * Develops communication strategies to promote security awareness across DIRECTV stakeholder groups (GV-SAT-7). Mergers and Acquisitions Security Support * Provides cybersecurity GRC support for M&A activities, including pre-acquisition security due diligence, risk assessments, and post-merger security integration planning. * Identifies and communicates security risks associated with target organizations and recommends risk mitigation strategies to leadership. * Collaborates with cross-functional M&A teams to ensure security requirements are incorporated into integration roadmaps and timelines. Security Project Engagement Leadership * Leads security project engagements from initiation through completion, coordinating with technical teams, business stakeholders, and external partners. * Develops project plans, tracks milestones, manages risks, and communicates status to senior leadership including the CSO organization. * Provides expert guidance and mentoring to less experienced cybersecurity team members on GRC practices, project execution, and security standards. * Serves as an escalation point for complex GRC-related security issues requiring senior expertise and decision-making authority. What you'll need to be successful: Experience and Education * 3 - 5 years of progressive experience in cybersecurity with a strong concentration in GRC. * Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field preferred; advanced degree a plus. * Demonstrated experience leading enterprise-level GRC programs in a complex, matrixed organization. Frameworks and Regulatory Knowledge * Deep working knowledge of the NIST Cybersecurity Framework (CSF). * Familiarity with regulatory compliance requirements relevant to the media and telecommunications industry. * Experience developing and maintaining security policies, standards, and control documentation. Third-Party and Vendor Risk Management * Proven track record managing supplier information security programs, including assessments, remediation tracking, and contract-level security requirements. * Experience collaborating with Procurement and Legal teams to embed security into vendor lifecycle processes. Security Awareness * Hands-on experience designing and managing phishing simulation programs, preferably using Proofpoint. * Ability to analyze awareness program data and translate findings into targeted training strategies. * Experience coordinating enterprise-wide security awareness campaigns across diverse stakeholder groups. Mergers and Acquisitions * Prior involvement in M&A cybersecurity due diligence, risk assessments, and post-merger integration planning is strongly preferred. Project and Program Leadership * Demonstrated ability to lead security projects from initiation through completion, managing timelines, risks, and executive-level communications. * Experience mentoring and developing cybersecurity professionals. Certifications (Preferred) * CISSP, CISM, CRISC, or equivalent industry-recognized certification May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customer's proprietary data. Qualified applicants with arrest and conviction will be considered for employment in accordance with local ordinances and state law. This is a remote position that can be located anywhere in the contiguous United States. #LI-Remote A career with us comes with big rewards: DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location. The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. DIRECTV WAGE ZONES: $122,194 - $221,818 Low (N1): $122,194 - $183,241 Mid (N2): $128,625 - $192,885 High (N3): $141,488 - $212,174 Top (N4): $147,919 - $221,818 Click HERE to review information on some of the largest Designated Market Areas (DMAs). Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package. Apply today! Fair Chance Ordinance Notice for Los Angeles County applying for jobs at DIRECTVCompliance Notice Regarding Use of Automated Decision-Making Tools in Hiring Process