4 hours

Sr. Associate, IT Risk & Controls - Corp Technology

New York, NY
  • Job Code
Company NBC Universal

Job Title Sr. Associate, IT Risk & Controls - Corp Technology

Jobid 23768-386628

Location: New York, NY, 10176, USA

Description **Job Number** 36990BR

**Job Title** Sr. Associate, IT Risk & Controls - Corp Technology

**Business Segment** Operations & Technical Services

**Sub-Business** Technology

**Posting Category** Technology/Engineering

**About Us** NBCUniversal is one of the world’s leading media and entertainment companies in the development, production, and marketing of entertainment, news, and information to a global audience. NBCUniversal owns and operates a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, and world-renowned theme parks. NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.

**Country** United States

**State** New York

**City** New York


Scope of Position

+ The IT Risk and Control Senior Associate is responsible and dedicated to assisting Corporate Technology Groups with standard IT Risk, Compliance and Issues management. This includes IT Risk and Control assessments, guidance, reporting and monitoring. Responsibilities

+ Assist in aligning Corporate Technology Groups to the enterprise IT Risk and Control capabilities

+ Provide framework to business and IT owners to identify critical IT assets and services, assist in continuously managing IT risk and controls of “crown-jewels”

+ Assist Corporate Technology Groups with their remediation efforts and enhancing areas that require control improvements

+ Facilitate development, prioritization and rationalization of risk mitigations including audit action plans

+ Monitor completeness and sustainability of remediation efforts

+ Assist groups with audit readiness

+ Continuously identify, assess, measure and monitor information technology risk by performing risk assessments of IT processes, assets and services

+ Identify and challenge risk and control gaps

+ Review and analyze incidents, threats and audit findings and incorporate into risk management activities

+ Conduct compliance assessments against internal policies, applicable standards and regulatory requirements

+ Utilize RSA Archer as the central repository for risk and control activities and information.

+ Gather, analyze, and report status and metrics on risks, controls and issues including coverage metrics, KRIs and KPIs

+ Maintain deep understanding of organization wide objectives, interactions, issues and risks

+ Liaise with risk champions, application owners, control owners, risk SMEs such as Information Security, Internal Audit and specialized risk management teams

+ Contribute to enterprise IT Risk and Control awareness efforts

+ Stay abreast of current and emerging information risks that could impact NBCU, including current or proposed cyber and privacy legislation. Educate team and key stakeholders.

+ Perform other duties as assigned


Minimum Requirements

+ Bachelor's degree

+ Minimum of 3-5 years of experience in IT risk or audit functions

+ Deep understanding of IT Risk & Control Strategy and Governance concepts and professional standards

+ Demonstrated experience in the areas of risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media

+ Ability to communicate complex technology risk assessment information to non-technical business leaders to ensure they comprehend the risk being assigned to them

+ Ability to discern business relevant risk associated with technology control deficiencies, and to identify the corresponding remediation which is required to mitigate the business impact

+ Project management experience with system implementations and other change events through a clearly defined methodology

+ Deep understanding and knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc.

+ This individual requires strong written, verbal communication and organizational skills as they will be working on multiple projects with technology stakeholders across the organization

+ Preferred certifications: CISA, CIPP, CRISC, CISSP, and/or CISMEligibility Requirements

+ Interested candidate must submit a resume/CV through NBCUniversal Careers to be considered

+ Must be willing to work in New York

+ Must have unrestricted work authorization to work in the United States

+ Must be 18 years or older

**Desired Characteristics**

+ Self-starter who can function independently with limited direction

+ Knowledge of the risks aligned with Media and Entertainment industry

+ Experience in the development, implementation, and/or maintenance of a global enterprise IT risk and control framework

+ Ability to understand the “big picture” by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise priorities

+ Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements

+ Experience supporting enterprise-wide technology initiatives

+ Experience creating a risk-aware culture

+ Experience with IT GRC platforms, including the ability to drive maturity and enhancements to the platform, tools, and methodologies

We are an equal opportunity employer, offering a great work environment, challenging career opportunities, professional training and competitive compensation. Click Here to view the NBCUniversal Candidate Privacy Statement.


  • Management/Finance/Administration/IT

The NBC Owned Television Stations create and distribute engaging content that connects with a valuable audience in 10 major markets across the country. Our content platforms include: NBC Stations broadcast and COZI TV, station websites, digital out-of home, and mobile.  Through our local news operations, our lifestyle production arm LX.TV, and our local sales marketing and production teams, NBC creates content that connects communities with the people, events, and issues they care about most.

Job Hunting Advice

Resume Writing

Career Guidance

Share this job:

Sr. Associate, IT Risk & Controls - Corp Technology

New York, NY

Share this job

Sr. Associate, IT Risk & Controls - Corp Technology

New York, NY

Separate email addresses with commas

Enter valid email address for sender.

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast