Principal, Cybersecurity Eng 1

About The Position

Requirements

• 3 – 5 years of progressive experience in cybersecurity with a strong concentration in GRC.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field preferred; advanced degree a plus.
• Demonstrated experience leading enterprise-level GRC programs in a complex, matrixed organization.
• Deep working knowledge of the NIST Cybersecurity Framework (CSF).
• Familiarity with regulatory compliance requirements relevant to the media and telecommunications industry.
• Experience developing and maintaining security policies, standards, and control documentation.
• Proven track record managing supplier information security programs, including assessments, remediation tracking, and contract-level security requirements.
• Experience collaborating with Procurement and Legal teams to embed security into vendor lifecycle processes.
• Hands-on experience designing and managing phishing simulation programs, preferably using Proofpoint.
• Ability to analyze awareness program data and translate findings into targeted training strategies.
• Experience coordinating enterprise-wide security awareness campaigns across diverse stakeholder groups.
• Prior involvement in M&A cybersecurity due diligence, risk assessments, and post-merger integration planning is strongly preferred.
• Demonstrated ability to lead security projects from initiation through completion, managing timelines, risks, and executive-level communications.
• Experience mentoring and developing cybersecurity professionals.

Nice To Haves

• Advanced degree a plus.
• CISSP, CISM, CRISC, or equivalent industry-recognized certification.
• May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customer’s proprietary data.

Responsibilities

• Adapts and maintains DIRECTV security guidance, policies, and standards based on the NIST Cybersecurity Framework (CSF), ensuring alignment with DIRECTV's Official Security Standard (DOSS) and evolving regulatory and threat landscapes.
• Supports the implementation and ongoing oversight of GRC mechanisms including monitoring of control effectiveness, compliance reporting, and audit preparation activities.
• Contributes to the DIRECTV Security Governance Committee processes by providing GRC subject matter expertise and policy recommendations.
• Develops and maintains documentation supporting accurate regulatory compliance reporting and internal audit readiness.
• Develops, maintains, and enforces Supplier Information Security Requirements (SISR) to ensure third-party vendors and partners meet DIRECTV's security standards.
• Manages ongoing supplier security relationships, including conducting security assessments, tracking remediation activities, and escalating risk findings to appropriate stakeholders.
• Collaborates with Procurement, Legal, and business teams to embed security requirements into vendor contracts and onboarding processes.
• Designs, executes, and evaluates phishing simulation campaigns using Proofpoint and related security awareness platforms in alignment with DOSS requirements (GV-SAT-8).
• Analyzes simulation results and awareness assessment data to identify organizational risk trends and recommend targeted training interventions.
• Coordinates with HR and business units to ensure security awareness training is current, relevant, and completed by all required personnel (GV-SAT-2, GV-SAT-6).
• Develops communication strategies to promote security awareness across DIRECTV stakeholder groups (GV-SAT-7).
• Provides cybersecurity GRC support for M&A activities, including pre-acquisition security due diligence, risk assessments, and post-merger security integration planning.
• Identifies and communicates security risks associated with target organizations and recommends risk mitigation strategies to leadership.
• Collaborates with cross-functional M&A teams to ensure security requirements are incorporated into integration roadmaps and timelines.
• Leads security project engagements from initiation through completion, coordinating with technical teams, business stakeholders, and external partners.
• Develops project plans, tracks milestones, manages risks, and communicates status to senior leadership including the CSO organization.
• Provides expert guidance and mentoring to less experienced cybersecurity team members on GRC practices, project execution, and security standards.
• Serves as an escalation point for complex GRC-related security issues requiring senior expertise and decision-making authority.

Benefits

• DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees.
• It is the company's policy to offer pay that is competitive with other employers in the local market.
• Our salary ranges are determined by role, level, and location.
• The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones.
• Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
• The salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.