Director, IT Risk & Controls Program Lead

New York, NY
  • Job Code
Company NBC Universal

Job Title Director, IT Risk & Controls Program Lead

Jobid 23768-386631

Location: New York, NY, 10176, USA

Description

**Job Number** 36992BR

**Job Title** Director, IT Risk & Controls Program Lead

**Business Segment** Operations & Technical Services

**Sub-Business** Technology

**Posting Category** Technology/Engineering

**About Us** NBCUniversal is one of the world’s leading media and entertainment companies in the development, production, and marketing of entertainment, news, and information to a global audience. NBCUniversal owns and operates a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, and world-renowned theme parks. NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.

**Country** United States

**State** New York

**City** New York


Scope of Position

+ This position will be accountable for NBCUniversal’s IT Risk & Control Program including the development, implementation, and continuous enhancement of the IT Risk & Control framework and its associated controls and reporting. Responsibilities also include the integration of risk concepts into broader strategic planning and risk identification and mitigation activities.

Responsibilities

+ Direct the IT Risk and Control team to execute the following activities: own the risk hierarchy and control catalog, work with each Business and Technology group to identify and assess risks, assess existing controls and identify new controls that need to be designed. Assist the various executives to remediate control weaknesses and audit action plans for their groups and prepare them for future audits. Monitor IT risks and controls relevant to each group and report monthly and quarterly (to various governance bodies). Conduct risk and control assessments on business critical applications that can significantly disrupt the business in the event of failure. Utilize RSA Archer as the central repository for risk and control information.

+ Provide framework to business and IT owners to identify critical IT assets and services, assist in continuously managing IT risk and controls of “crown-jewels”

+ Identify and challenge risk and control gaps

+ Conduct detailed assessments of IT processes, assets and services

+ Review and analyze incidents, threats and audit findings and incorporate into risk management activities

+ Facilitate development, prioritization and rationalization of risk mitigations including audit action plans

+ Assist groups with audit readiness

+ Support risk and control requirements for IT Security and Operations tools

+ Gather, analyze, and report program status and metrics on risks, controls and issues including coverage metrics, KRIs and KPIs

+ Stay abreast of current and emerging information risks that could impact NBCU, including current or proposed cyber and privacy legislation. Educate team and key stakeholders.

+ Perform other duties as assigned


Minimum Qualification

+ Bachelor's degree

+ Minimum of 7-10 years of experience in IT risk or audit functions, ideally in a management/leadership position

+ Deep understanding of IT Risk & Control Strategy and Governance concepts and professional standards

+ Demonstrated experience in the areas of risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media

+ Project management experience with system implementations and other change events through a clearly defined methodology

+ Deep understanding and knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc.

+ Technical skills in using GRC platforms to perform IT risk and control management

+ Preferred certifications: CISA, CIPP, CRISC, CISSP, and/or CISM

**Desired Characteristics**

+ Self-starter who can own all responsibilities with little to no supervision and can manage a team effectively and efficiently

+ Experience in the development, implementation, and/or maintenance of a global enterprise IT risk and control framework

+ Ability to communicate with various executives and stakeholders of every level

+ Ability to understand the “big picture” by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise priorities

+ Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements

+ Experience supporting enterprise-wide technology initiatives

+ Experience creating a risk-aware culture

+ Experience with IT GRC platforms, including the ability to drive maturity and enhancements to the platform, tools, and methodologies

We are an equal opportunity employer, offering a great work environment, challenging career opportunities, professional training and competitive compensation.


  • Management/Finance/Administration/IT

The NBC Owned Television Stations create and distribute engaging content that connects with a valuable audience in 10 major markets across the country. Our content platforms include: NBC Stations broadcast and COZI TV, station websites, digital out-of-home, and mobile. Through our local news operations, our lifestyle production arm LX.TV, and our local sales marketing and production teams, NBC creates content that connects communities with the people, events, and issues they care about most.
