NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.

Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.

The Lead IT GRC Analyst will be a key team member within the NBCUniversal Cyber organization and shape, manage, and evolve NBCUniversal’s security governance framework while driving the development of secure configuration baselines across diverse technical environments. This role requires a unique blend of deep policy and governance framework understanding, hands-on technical collaboration, and proactive engagement to help define security governance throughout the lifecycle of small initiatives to large-scale programs. The ideal candidate brings a strong foundation in information security governance, hands-on technical collaboration, and the ability to translate security principles into actionable, business-friendly requirements.

Responsibilities:

Key areas of focus for the Cyber Governance Lead include maintaining the organization’s governance framework, designing and developing new cyber governance processes, and helping to design enterprise-scale policy.  The successful candidate will be responsible for the following activities: 

• Manage the organization’s security governance program, including participating in Cyber-led projects and programs to design and develop cyber governance processes.
• Maintaining an effective feedback loop with business partners – seeking and integrating business area feedback into cyber governance processes.
• Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders.
• Participate in development, review, and implementation of security policies, standards, procedures, and guidelines in alignment with industry frameworks (e.g., ISO 27001, NIST, CIS).
• Serve as point of contact for internal audits, certifications, and compliance initiatives related to policy and governance.
• Actively consult with stakeholders throughout the development lifecycle of small projects and large-scale programs to help establish, refine, and validate governance processes.
• Conduct technical assessments of configurations to ensure security effectiveness.
• Monitor regulatory changes and emerging risks to ensure policies remain compliant and adaptive to future threats.
• Use advanced technologies—e.g., robotic process automation and AI/machine learning—to improve operation.
• Provide hands-on technical control review to support guidance of enterprise configurations of tools like M365, Slack, Microsoft Defender for Cloud, etc.
• Design and develop GRC metrics including KPIs and KRIs.

Requirements:

• 4+ years of experience in information security, governance, risk, or compliance roles.
• Strong and proven communication (both verbal and written) and customer engagement skills with experience in briefing corporate executives and professionals.  
• Familiarity with industry standards and frameworks (e.g., NIST CSF, ISO 27001, CIS Benchmarks, SOC 2).
• Ability to read and interpret technical documentation and translate it into governance mandates.
• Strong analytical and communication skills with the ability to translate complex security concepts into business language.
• Experience performing system integration, system management, and configuring native controls in modern enterprise IT tooling.
• Experience working with technical teams to implement and validate secure configurations.
• Comfortable working in fast-paced, ambiguous, or evolving environments with a solution-oriented mindset.
• Ability to balance governance rigor with creativity and adaptability in a business-centric approach.
• Bachelor’s Degree in an IT related field and/or equivalent work experience. 

Desired Characteristics:

• Previous experience working in multiple large complex environments and specifically within the Governance, Risk, and Compliance functions. 
• Previous experience working in Governance, Risk, and Compliance functions in the media, entertainment, federal, and/or advanced technology industries.  
• Experience with other enterprise technologies (e.g., Active Directory/Azure AD, cloud platforms, configuration assessment tools)
• Experience with GRC platforms (e.g., OneTrust, ServiceNow GRC, Archer).
• Background working with legal, procurement, or privacy teams.
• Industry certifications such as CRISC, CISA, CISSP, or technical certifications (e.g., Microsoft 365 Certified, AWS Security Specialist) are a plus.

Additional Requirements: 

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $110,000 - $140,000 (bonus eligible)

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].

For LA County and City Residents Only:  NBCUniversal will consider for employment  qualified applicants with criminal histories, or arrest or conviction records, in a manner  consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.