Senior IT GRC Analyst

Summary

Join NBCUniversal as a Sr IT GRC Analyst and support the execution of programs and services to meet compliance requirements and reduce risk. You will work with business leaders and technologists to implement security policies, focusing on access review, control operation reporting, control design, and quality assurance. Responsibilities include managing access reviews, supporting compliance teams, educating stakeholders on access risks, assisting with control design, and monitoring information security risks. You will also conduct research, contribute to program enhancements, liaise with various teams, and maintain a deep understanding of organizational objectives and risks. The role requires a Bachelor's degree or equivalent experience, 3+ years in IT GRC or IAM, and knowledge of relevant frameworks and IT platforms. This fully remote position offers competitive benefits, including medical, dental, vision, 401k, paid leave, and tuition reimbursement.

Requirements

• Bachelor's degree or equivalent experience
• 3+ years of experience in IT Governance, Risk or Compliance or Identity Access Management functions, including roles in security analysis
• Working knowledge of Principle of Least Privilege, Zero Trust and the Identity and Access Management Lifecycle
• Understanding and knowledge of security, risk and privacy regulatory frameworks such as SCF, NIST, SOX, PCI, HIPAA, ISO, CSA, etc
• Knowledge of IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, servers, virtualization, routers and firewalls
• Ability to work independently and in cross-functional teams
• Strong analytic skills for problem analysis and resolution
• Experience with the MS office suite – Excel, PowerPoint, Word etc
• Excellent written/verbal communication and organizational skills
• Understanding of the concepts of information risks and the different elements that make up risk. In addition, understand fundamental concepts of information security
• Experience in Governance, Risk or Compliance or Identity Access Management in a global environment
• Self-starter who can function independently with limited direction
• Strong communication and planning skills
• Strong leadership skills, social and business acumen, and proven results working with leaders across organizational and business lines to solve complex problems

Responsibilities

• Manage access reviews for important systems from kick-off through completion
• Support services, projects and initiatives managed by the Access Review Operations Compliance teams
• Work with Cyber stakeholders and partners to support the intent of internal control and external regulatory requirements
• Educate and raise awareness on access risks and controls
• Assist stakeholders with control design and enhancements
• Continuously identify, assess, measure and monitor information security risk and assist with remediation
• Undertake research as needed when control or regulatory questions arise
• Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders
• Liaise with risk champions, application owners, control owners, risk SMEs such as Cyber Security, Internal Audit and specialized risk management teams
• Contribute to enterprise IT Risk and Control awareness efforts
• Maintain deep understanding of organization wide objectives, interactions, issues and risks
• Stay abreast of current and emerging information risks, including current or proposed cyber legislation or control frameworks

Preferred Qualifications

• Experience in Project Management
• Experience implementing access review controls to provide reasonable assurance that inappropriate levels of access are detected and remediated
• Experience conducting access certifications within SailPoint Identity IQ
• Demonstrated leadership skills with ability to influence and lead change
• Experience developing reports using Splunk, Power BI, Excel or similar platform
• Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements
• Experience supporting enterprise-wide technology initiatives and creating a risk-aware culture
• Ability to understand the big picture by aligning activities to business objectives and partnering with other Cyber Assurance functions to align on strategies and enterprise priorities

Benefits

• Medical, dental and vision insurance
• 401(k)
• Paid leave
• Tuition reimbursement
• A variety of other discounts and perks