About the position
NBCUniversal is seeking an experienced Governance, Risk, and Compliance (GRC) Analyst to support various functions within the Security Assurance – Governance team. The ideal candidate will have a strong understanding of cybersecurity, vendor contracts, negotiation of third party security standards, and the ability support additional governance functions like 3rd Party Security Reviews.
Responsibilities
• Collaborate with business leadership, Legal, Procurement, and Cyber to review terms and conditions, ensuring vendor and client obligations are aligned with internal cyber controls
• Undertake research as needed when control or regulatory questions arise
• Track status of risk remediations in the risk register with business stakeholders
• Monitor completeness and sustainability of remediation efforts
• Educate and raise awareness on risks and controls
• Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders
• Contribute to enterprise IT Risk and Control awareness efforts
• Maintain deep understanding of organization wide objectives, interactions, issues and risks
• Stay abreast of current and emerging information risks, including current or proposed cyber legislation or control frameworks
• Perform other related duties and special projects, as assigned, to support evolving GRC and cybersecurity program needs
Requirements
• Bachelor's degree or equivalent experience.
• Minimum of 2 years of experience in IT Governance, Risk or Compliance functions
• Knowledge of IT Risk Frameworks such as NIST, ISO, CSA, PCI, etc.
• Knowledge of contracting lifecycle
• Ability to work independently and in cross functional teams
• Strong analytic skills for problem analysis and resolution
• Experience in process management systems like Jira, Azure DevBoards, ServiceNow
• Experience with the MS office suite – Excel, PowerPoint, Word etc
• Strong written/verbal communication and organizational skills
Nice-to-haves
• Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements.
• Experience supporting enterprise-wide technology initiatives and creating a risk-aware culture.
• Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align strategies and enterprise priorities.
• Industry certifications such as CRISC or CISA are a plus.
Benefits
• This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks.