Staff Enterprise GRC Applications Analyst
Englewood Cliffs, NJ, United States
Company Description
We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world.
Job Description
NBCUniversal Cyber Security is seeking a motivated individual for the role of Staff Enterprise Applications Analyst within the Governance, Risk and Compliance (GRC) Team. This position provides advanced technical and thought leadership within a major functional area reporting to the Director, IT GRC.
The qualified candidate will lead complex initiatives, providing technical guidance and mentoring to other team members, ensuring technical excellence in the following areas: GRC applications development, dashboards, metrics, and data science. This role requires strong application and process development experience as well as stakeholder relationship building.
This thought leader will be helping enhance operations and long-range plans with the GRC organization. This role:
- Provides technical leadership in development of processes for solutions across GRC and in alignment with business and cyber technology objectives
- Demonstrates expert knowledge of GRC concepts, processes, and tools, including technical integrations
- Identifies use cases for technical capabilities and customer requirements
- Conducts hands-on evaluations of existing or proposed GRC solutions
- Leads activities in the development of new GRC solutions, its technical integrations through API development, and supporting processes
- Demonstrates experience in capturing requirements and leading the development of a GRC workflow tool, including planning, design, development, testing, implementation, and ongoing support
- Subject Matter Expert in a GRC platform, conducting hands-on leadership in the implementation and configuration of the solution
- Assists in the design and manages the reference/process architectures supporting the GRC tool, risk processes/tracking/acceptance, control framework mapping
- Develops data driven Key Performance and Risk Indicator dashboards
- Develops integrations from other tools to collect metrics that inform executives’ risk and compliance position
- Actively builds and strengthens relationships with key stakeholders as a lead contributor towards the GRC strategy
- Skilled at communicating complex technical information to customers and teams with varying levels of technical understanding
Qualifications
- 5+ years of work experience in IT/GRC with direct responsibility for GRC/ERM tools (RSA Archer, MetricStream, SAP GRC, etc.)
- 2+ years developing API integrations
- 2+ years of work experience developing reports and actionable metric dashboards for executive visibility and enhanced operations
- Bachelor’s Degree in Computer Science/Engineering/Information Security preferred or equivalent combination of education and relevant experience.
- Ability to evaluate risks, understand control and develop governance processes to support the company and articulate issues, develop consensus, raise awareness, and provide and implement solutions.
- Knowledge of common information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, CIS and NIST.
- Knowledge and understanding of relevant legal, regulatory and privacy requirements.
- Strong project management experience.
- Ability to work collaboratively and effectively with a cross-section of the IT and Cyber teams and business organizations to implement information security standards and initiatives.
- Solid knowledge of API frameworks
- Proficient in programming languages relevant to web and API development, such as Python, Java, JavaScript, Ruby, PHP, C#, and Go.
- Willingness and ability to explore and use new systems, standards, and protocols
- Must be able to apply API design principals to create the best solution for the organization
- Be able to optimize resource access and iterate on existing design
- Understanding the threat driven methodologies, SDLC, threat modeling and attack trees.
- Ability to clearly present complex and technical concepts and techniques to others.
- Excellent written and spoken communication skills.
- Effective in building partnerships with organizational leaders and influencing senior management.
- Ability to manage multiple projects with changing/shifting/dynamic priorities.
Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $110,000 - $130,000 (bonus eligible)
Additional Information
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision.
NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing AccessibilitySupport@nbcuni.com.
For LA County and City Residents Only: NBCUniversal will consider for employment
qualified applicants with criminal histories, or arrest or conviction records, in a manner
consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance
Initiative For Hiring Ordinance, the Los Angeles' County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.
Job Profile
Fully remote
Benefits/PerksCompany sponsored benefits Dental Discounts Discounts and perks Fully remote Inclusion initiatives Inclusive culture Medical Other discounts and perks Paid leave Tuition reimbursement Vision Insurance
Tasks- Build stakeholder relationships
- Capture requirements
- Develop GRC solutions
- Lead GRC initiatives
- Provide technical guidance
API API design API Development Application Development Business C Communication Compliance Computer Science Configuration Control framework mapping Cyber Security Dashboards Data Science Design Engineering Go Governance GRC applications GRC workflow tool Information security Java Javascript Key Performance Indicators Leadership Mentoring Modeling NIST Organization Organizational Planning Process Development Programming Project Management Python Relationship building Reporting Risk indicators Risk processes SAP SAP GRC SDLC Security Stakeholder relationship building Technical Excellence Technical Integrations Technical Leadership Technology Testing Threat modeling Workflow
Experience5 years
EducationBachelor Business Computer Science Data Science Design Engineering Information Security IT
TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9