Principal, Cybersecurity Eng 1
El Segundo, CA - USA
Job Summary
DIRECTV is seeking a seasoned cybersecurity leader to serve as Principal, Cybersecurity Engineering, with a focus on Governance, Risk, and Compliance. This is a high-impact role responsible for shaping and sustaining DIRECTV's cybersecurity posture across multiple critical domains. The ideal candidate will lead the development and enforcement of security policies, manage third-party vendor risk, drive security awareness initiatives, and provide GRC expertise in support of mergers and acquisitions activity.
This role operates with a high degree of autonomy and serves as an escalation point and subject matter authority for complex GRC matters. The successful candidate will work cross-functionally with Legal, Procurement, HR, and executive leadership, including the CSO organization, while also mentoring junior cybersecurity team members and driving program maturity across the enterprise.
Here's what you'll do:
Governance, Risk, and Compliance Program Leadership
- Adapts and maintains DIRECTV security guidance, policies, and standards based on the NIST Cybersecurity Framework (CSF), ensuring alignment with DIRECTV's Official Security Standard (DOSS) and evolving regulatory and threat landscapes.
- Supports the implementation and ongoing oversight of GRC mechanisms, including monitoring of control effectiveness, compliance reporting, and audit preparation activities.
- Contributes to the DIRECTV Security Governance Committee processes by providing GRC subject matter expertise and policy recommendations.
- Develops and maintains documentation supporting accurate regulatory compliance reporting and internal audit readiness.
Supplier Information Security Management
- Develops, maintains, and enforces Supplier Information Security Requirements (SISR) to ensure third-party vendors and partners meet DIRECTV's security standards.
- Manages ongoing supplier security relationships, including conducting security assessments, tracking remediation activities, and escalating risk findings to appropriate stakeholders.
- Collaborates with Procurement, Legal, and business teams to embed security requirements into vendor contracts and onboarding processes.
Security Awareness and Phishing Simulation Program
- Designs, executes, and evaluates phishing simulation campaigns using Proofpoint and related security awareness platforms in alignment with DOSS requirements (GV-SAT-8).
- Analyzes simulation results and awareness assessment data to identify organizational risk trends and recommend targeted training interventions.
- Coordinates with HR and business units to ensure security awareness training is current, relevant, and completed by all required personnel (GV-SAT-2 GV-SAT-6).
- Develops communication strategies to promote security awareness across DIRECTV stakeholder groups (GV-SAT-7).
Mergers and Acquisitions Security Support
- Provides cybersecurity GRC support for M&A activities, including pre-acquisition security due diligence, risk assessments, and post-merger security integration planning.
- Identifies and communicates security risks associated with target organizations and recommends risk mitigation strategies to leadership.
- Collaborates with cross-functional M&A teams to ensure security requirements are incorporated into integration roadmaps and timelines.
Security Project Engagement Leadership
- Leads security project engagements from initiation through completion, coordinating with technical teams, business stakeholders, and external partners.
- Develops project plans, tracks milestones, manages risks, and communicates status to senior leadership, including the CSO organization.
- Provides expert guidance and mentoring to less experienced cybersecurity team members on GRC practices, project execution, and security standards.
- Serves as an escalation point for complex GRC-related security issues requiring senior expertise and decision-making authority.
What you'll need to be successful:
Experience and Education
- 3-5 years of progressive experience in cybersecurity with a strong concentration in GRC.
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field preferred; advanced degree a plus.
- Demonstrated experience leading enterprise-level GRC programs in a complex, matrixed organization.
Frameworks and Regulatory Knowledge
- Deep working knowledge of the NIST Cybersecurity Framework (CSF).
- Familiarity with regulatory compliance requirements relevant to the media and telecommunications industry.
- Experience developing and maintaining security policies, standards, and control documentation.
Third-Party and Vendor Risk Management
- Proven track record managing supplier information security programs, including assessments, remediation tracking, and contract-level security requirements.
- Experience collaborating with Procurement and Legal teams to embed security into vendor lifecycle processes.
Security Awareness
- Hands-on experience designing and managing phishing simulation programs, preferably using Proofpoint.
- Ability to analyze awareness program data and translate findings into targeted training strategies.
- Experience coordinating enterprise-wide security awareness campaigns across diverse stakeholder groups.
Mergers and Acquisitions
- Prior involvement in M&A cybersecurity due diligence, risk assessments, and post-merger integration planning is strongly preferred.
Project and Program Leadership
- Demonstrated ability to lead security projects from initiation through completion, managing timelines, risks, and executive-level communications.
- Experience mentoring and developing cybersecurity professionals.
Certifications (Preferred)
- CISSP, CISM, CRISC, or equivalent industry-recognized certification
May require a background check due to job duties requiring routine access to DIRECTV and DIRECTV customers' proprietary data. Qualified applicants with arrest and conviction will be considered for employment in accordance with local ordinances and state law.
This is a remote position that can be located anywhere in the contiguous United States.
A career with us comes with big rewards:
DIRECTV's compensation structure is designed to be market-competitive and fully supports efforts to attract and retain employees. It is the company's policy to offer pay that is competitive with other employers in the local market. Our salary ranges are determined by role, level, and location.
The Base Salary range displayed below reflects the minimum and maximum target salary for each of DIRECTV's 4 (four) US Labor Market Zones. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
DIRECTV WAGE ZONES: $122,194 - $221,818
Low (N1): $122,194 - $183,241
Mid (N2): $128,625 - $192,885
High (N3): $141,488 - $212,174
Top (N4): $147,919 - $221,818
Please note that the salary ranges reflect base salary only and do not include bonus or benefits - when you consider all of these together, it represents a pretty impressive total compensation package.
Apply today!