Service Control Assurance Lead

  • 904 Sylvan Ave, Englewood Cliffs, NJ
  • Full-time
  • Business Segment: Operations & Technology

Company Description

NBCUniversal owns and operates over 20 different businesses across 30 countries including a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, world-renowned theme parks and a premium ad-supported streaming service.

Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. We strive to foster a diverse and inclusive culture where our employees feel supported, embraced and heard. We believe that our workforce should represent the communities we live in, so that together, we can continue to create and deliver content that reflects the current and ever-changing face of the world.

Job Description

The Assurance/Compliance Lead manages SOX and PCI compliance, serves as the focal point for our Global Audit teams, and is responsible for ensuring compliance with regulatory and industry mandates such as SOX and PCI as they pertain to the information technology components of the company. The role includes managing day-to-day aspects such as scoping, identifying key controls, implementing controls, overseeing the quarterly and annual review exercises, documenting the artefacts and the evidence, and partnering with auditors and IT and business owners to complete the assessments.
Reporting to the Director, Data Operations & Governance, you will be working with a variety of teams, internal and external, to leverage information and ensure the processes and accountability are in place to deliver successfully.

Information technology plays a key role in our ability to provide these services around the globe, and our compliance-related data ensures that all the information pertaining to our organization is auditable, trackable and a trusted source of truth that provides insight.
Insight and analytics from the data, as well as demonstrating overall data health and compliance, will be a key element of this role, with the ability to impact budget, 3rd party services and the overall compliance of our systems and organization.

  • Design, document and oversee the implementation of IT General Controls (ITGC) to ensure compliance with the Sarbanes Oxley (SOX) act
  • Identify and validate key controls to address IT and business risks and work with various teams to address identified deficiencies.  Establish processes to support the controls and ensure that control self-assessments are conducted in a timely manner ensuring completeness and accuracy
  • Direct and manage the effort to ensure compliance with the PCI Data Security Standard (PCI-DSS).  Ensure that all controls of the PCI-DSS are implemented and monitored through the course of the year
  • Support and, if required, perform audits of third parties such as vendors, service providers and consulting organizations
  • Facilitate assessment and audits by internal and external auditors and assessors of IT or information security programs
  • Develop a Center of Excellence (COE) around the overall compliance & governance surrounding Site Reliability Engineering (SRE)
  • Support SRE by creating the standards, measuring the product/services, and working to continually improve the stability and experience of our clients and customers
  • Compliance of operational & technical documents and standards
  • Establishing Service-level agreements (SLAs), Service-level indicators (SLI), and Service-level objectives (SLO) and assuring adherence
  • Establish & Govern KPIs - Availability, uptime, latency, and system throughput
  • Lead and facilitate compliance with the upcoming European Union Privacy Law - EU-GDPR
  • Ensure that appropriate documentation in the form of policies, standards and procedures is created and managed to support the various security, compliance and audit requirements
  • System Critical Dependency Review - Review of systemically critical dependencies in the system
  • Risk Management - How SRE manages reliability and where to spot risk
  • Endorse and support a compliance culture whereby employees are encouraged to seek clarifications and support for the company’s compliance initiatives while providing guidance and support to IT and business to ensure continued compliance with the various mandates
  • Interact daily with the Information Technology teams, the Managed Infrastructure Services provider (onshore and offshore), assessors, auditors, consultants/advisors, law enforcement agencies and professional organizations, IT Vendor Management Organization, IT Project Management Office, and various contracted IT resources. Meet frequently with various business units to assess and evaluate information security and compliance services
  • Must be able to build relationships with technology and business teams across the company and have an outgoing personality (a MUST for this position)
  • Perform executive dashboards & read-outs

  • Bachelor's or Master's degree in a computer or information management field
  • Either CISSP, CISA or CISM preferred
  • Demonstrated experience in implementing compliance frameworks such as COSO, COBIT and ISO 27001
  • Intimate understanding of Sarbanes Oxley (SOX) compliance requirements and IT General Controls
  • Thorough knowledge of PCI related standards including PCI-DSS, PA-DSS, ASV guidelines and other support documents
  • Familiarity with a broad range of IT and Information Security products and technologies such as identity and access management, vulnerability management, encryption and key management, logging and monitoring and application security
  • Familiarity with cloud based environments and technologies with associated auditing methodologies
  • Experience in an information security compliance, audit or risk management role with hands on experience in a multitude of compliance initiatives including but not limited to
  • ISO27001


• Must submit an attestation disclosing your COVID-19 vaccination status and, if partially or fully vaccinated, submitting your vaccination record no later than 7 days following commencement of employment.
• Must be fully vaccinated against COVID-19 at the commencement of employment or adhere to enhanced protocols in select work settings or where jurisdictionally mandated.
• Must be willing to adhere to all Company COVID-19 workplace safety policies and protocols.

Additional Information

NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access as a result of your disability. You can request reasonable accommodations in the US by calling 1-818-777-4107 and in the UK by calling +44 2036185726.
