Director, Cyber Security Engineering - AI

Summary

Join NBCUniversal as the Director of Security Engineering for AI and lead security consulting engagements across various NBCU businesses. You will collaborate with cyber and technology leadership, promoting practical security controls aligned with company policies and industry best practices. Responsibilities include conducting security assessments, creating security documentation, improving the cybersecurity assurance review process, and collaborating with cross-functional teams. You will also serve as an escalation point for security reviews and stay updated on technological advancements and evolving threats. The role involves mentoring and developing security talent and working closely with risk, compliance, and audit teams. This fully remote position offers competitive compensation and a comprehensive benefits package.

Requirements

• 10 years of experience in cybersecurity, with at least 5 years of experience leading teams
• Experience designing, building, and securing enterprise AI systems and tooling
• Security leadership experience. Comfort managing work, processes, and people in a risk-focused team from associates to senior engineers in office, remote, and hybrid work environments
• Strong written and spoken communication. An ability to communicate the what and why of complex technical concepts to technical and non-technical leadership
• Threat-focused security experience. An understanding of how threats operate as well as a multitude of diverse controls across AI, identity and access management, networking, endpoint, cloud, email, encryption, data protection, and software development
• Enterprise perspective. Insight to adapt security approaches that meet technical scale and diverse organizational processes with a risk-based approach
• A willingness and desire to dig into the technical details – the flexibility to know when to look at strategic plans and high-level views, and when to talk about architectures and tools
• Empathy for customers and engineers when designing security requirements
• Ability to recommend security measures that are operationally feasible, comprehensively protective, and allow the product to rapidly evolve
• The ability to serve as a collaborative team member and leader who can give and receive constructive feedback
• Subject matter expert to explain common threats to application components including web & software applications, microservices, containers, orchestration platforms, code repositories, CI/CD pipelines, auth systems, and protocols. An expert in securing one or more with willingness to learn and research to make recommendations
• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence

Responsibilities

• Consult on complex enterprise-wide security assessments and engagements to help engineers see the big picture and incorporate enterprise technology direction into security roadmaps
• Communicate the vision and value of what we’re offering. Help grow adoption and increase support for enterprise security
• Create detailed architecture diagrams and security documentation with demonstrated understanding of complex tools and processes
• Help advance and improve our cyber security assurance review engagement process, find efficiencies, and align to consistent frameworks
• Support a unified security assurance process in alignment with risk management to build security in from idea inception through product retirement
• Collaborate across technical, security, and business focused teams to identify areas of need and opportunity
• Serve as an escalation point of contact during security reviews to confirm and if necessary, defend security controls recommended by the security assurance team
• Keep pace with the advancement of technology, regulations, and advancing threat behaviors affecting NBCU
• Review the work of other security engineers for quality and completeness
• Work closely with risk, compliance, legal, and audit teams
• Assist cyber leadership on strategic projects
• Recruit, mentor, coach, train, develop, and support security talent at all levels

Preferred Qualifications

• Threat modelling experience
• Strong AI governance and security background
• Experience with cloud-based application development and hosting
• Understanding of end-to-end secure development methodologies and have expertise in one or more tools/methods used to identify security flaws in applications including: Code Reviews, SAST, DAST, and/or Penetration Testing tools
• Experience with threat analysis frameworks, such as MITRE ATT&CK
• Experience with varied security controls and regulatory frameworks (PCI-DSS 4.0, SCF, NIST, SOX, GDPR, CCPA, SOC2, CMMC, etc.) and ability to create an environment where compliance flows from security
• Project management and multitasking skills
• Experience with securing legacy and cutting edge technologies
• Knowledge or experience in the media and entertainment space and awareness of the technical landscape involved in content creation and delivery

Benefits

• This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks
• Salary range: $175,000 - $210,000 (bonus and LTI eligible)