Security Admin II

Summary

Join NBCUniversal as a Security Administrator II and play a vital role in maintaining and managing the operational system security and platform governance for NBCSports Next. You will be responsible for system and software security hardening, maintaining organizational security procedures, and developing processes to meet compliance and governance objectives. This position requires 24/7 support availability and ensures business compliance and governance initiatives are met. You will serve as a key resource for software platforms to meet industry standard compliance and privacy requirements, leading and managing the PCI-DSS compliance program and other privacy programs. The role also involves ensuring on-premises and cloud-based infrastructure is secure and up-to-date, and effectively communicating the importance of key programs to stakeholders. This fully remote position offers the opportunity to be part of the exciting transition to the new Versant company.

Requirements

• 4+ years’ experience in a Corporate IT environment
• Working knowledge of common IT security frameworks such as: PCI DSS, NIST 800-53, ISO 27001, HITRUST
• Subject Matter Expertise in the following areas: Windows/Linux Operating Systems
• Network Devices and protocols, including data flow diagrams
• Knowledge of the following industry standards: OWASP Top 10, SAN 25, and CWE
• Self-Driven desire to think creatively and produce results
• Knowledge of security defense tools such as: WAF, IDS/IPS, SIEM, and AntiVirus
• Ability to articulate security-related principles into business terms
• Ability to interact with common version control management systems such as GitHub

Responsibilities

• Maintain and manage NBCSports Next Operational system security and platform governance
• System and software security hardening
• Maintaining organizational security procedures
• Developing processes to meet organizational compliance and governance objectives
• Ensure business compliance and governance initiatives are being met across NBCSports Next
• Serve as the key resource for software platforms to meet or exceed industry standard compliance and privacy requirements
• Lead and manage the PCI-DSS compliance program, as well as managing any privacy programs such as GDPR or CCPA
• Ensure our on-premises and cloud-based infrastructure is patched, up to date, and meets the regulatory objectives as outlined by PCI-DSS and NBCUniversal
• Effectively communicate the importance of the key programs and services within the NBCSports Next and NBCUniversal organization to obtain the necessary support, trust, and buy-in from the business
• Present findings, technical reports, and other key information to executive stakeholders
• Contribute to developing and executing a comprehensive PCI DSS technical assessment program by reviewing, evaluating, and testing security policies
• Develop effective communication and collaboration with internal and external teams to facilitate discussion, identified by preparing final reports based on audit tests
• Configure and manage a range of IT infrastructure including: (servers, switches, SIEM, storage arrays, and cloud-hosted infrastructure)
• Monitor and manage daily tickets for employee access, onboarding, and offboarding
• Maintain an active role in the organization's patching schedule and process
• Responding to service interruptions as they occur
• Test and evaluate systems for vulnerabilities via both manual and automated solutions
• Perform performance tuning, hardware upgrades, and resource optimization as required
• Develop automation solutions that help drive compliance and security

Preferred Qualifications

• Understanding of various data and privacy regulations, ie PCI DSS, SOX, HIPAA, GDPR, CCPA
• Understanding of common cloud service environments such as AWS, GCP, or Azure
• Experience designing security network architectures using both hardware and software controls and the ability to secure those tools
• Experience using diagramming tools such as Lucidchart or Visio
• Knowledge of deploying security solutions such as: SEIM, Patching, Vulnerability Scanning, File Integrity monitoring
• Certification in any area of PCI DSS, NIST 800-53, ISO 27001, HITRUST

Benefits

Fully Remote