About
Job Description
Responsibilities
This position will be accountable for NBCUniversal's IT Compliance Program including the development, implementation, and continuous enhancement of the IT Risk & Control framework and its associated controls and reporting. Responsibilities also include the integration of risk and compliance concepts into broader strategic planning and risk identification and mitigation activities.
* Act as the second line of defense for IT compliance activities such as IT SOX 404, SOC, PCI, Privacy, Technology Internal audits and other technology assurance activities.
* Establish and execute the IT compliance program in collaboration with multiple internal and external stakeholders; assess existing controls and identify new controls that need to be designed and implemented.
* Assist control owners and executives to remediate control weaknesses and address audit action plans for their groups and prepare for future audits.
* Monitor IT compliance posture relevant to each group and report monthly and quarterly (to various governance bodies).
* Understand the unified control catalog, develop control guidance, and deliver training to control owners.
* Support groups and enterprise initiatives with IT compliance requirements.
* Stay abreast of current and emerging information risks that could impact NBCU, including current or proposed cyber and privacy legislation. Educate teams and key stakeholders.
Qualifications/Requirements
* Bachelor's degree or equivalent
* 5-7 years of experience in IT Governance, Risk and Compliance functions
* Deep understanding of IT Risk & Control Strategy and Governance concepts and professional standards
* Demonstrated experience in the areas of risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media
* Project management experience with system implementations and other change events through a clearly defined methodology
* Deep understanding and knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, CSA, GDPR, CCPA, etc.
* Experience with IT GRC platforms, including the ability to drive maturity and enhancements to the platform, tools, and methodologies
* Preferred certifications: CISA, CIPP, CRISC, CISSP, and/or CISM
Desired Characteristics
* Self-starter who can own all responsibilities with little to no supervision
* Experience in the development, implementation, and/or maintenance of a global enterprise IT risk and control framework
* Ability to communicate with various executives and stakeholders of every level
* Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise priorities
* Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements
* Experience supporting enterprise-wide technology initiatives
* Experience creating a risk-aware culture