Compliance Manager, Cyber Security
Englewood Cliffs, NJ

Job Description

Responsibilities

This position will be accountable for NBCUniversal's IT Compliance Program including the development, implementation, and continuous enhancement of the IT Risk & Control framework and its associated controls and reporting. Responsibilities also include the integration of risk and compliance concepts into broader strategic planning and risk identification and mitigation activities.

* Act as the second line of defense for IT compliance activities such as IT SOX 404, SOC, PCI, Privacy, Technology Internal audits and other technology assurance activities.
* Establish and execute the IT compliance program in collaboration with multiple internal and external stakeholders; assess existing controls and identify new controls that need to be designed and implemented.
* Assist control owners and executives to remediate control weaknesses and address audit action plans for their groups and prepare for future audits.
* Monitor IT compliance posture relevant to each group and report monthly and quarterly (to various governance bodies).
* Understand the unified control catalog, develop control guidance and deliver training to control owners.
* Support groups and enterprise initiatives with IT compliance requirements.
* Stay abreast of current and emerging information risks that could impact NBCU, including current or proposed cyber and privacy legislation. Educate teams and key stakeholders.

Qualifications/Requirements

* Bachelor's degree or equivalent
* Minimum of 5-7 years of experience in IT Governance, Risk and Compliance functions
* Deep understanding of IT Risk & Control Strategy and Governance concepts and professional standards
* Demonstrated experience in the areas of risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media
* Project management experience with system implementations and other change events through a clearly defined methodology
* Deep understanding and knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, CSA, GDPR, CCPA, etc.
* Experience with IT GRC platforms, including the ability to drive maturity and enhancements to the platform, tools, and methodologies
* Preferred certifications: CISA, CIPP, CRISC, CISSP, and/or CISM

Desired Characteristics

* Self-starter who can own all responsibilities with little to no supervision
* Experience in the development, implementation, and/or maintenance of a global enterprise IT risk and control framework
* Ability to communicate with various executives and stakeholders of every level
* Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise priorities
* Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements
* Experience supporting enterprise-wide technology initiatives
* Experience creating a risk-aware culture
