Full-Time GRC Associate Analyst

Associate GRC Risk Analyst is responsible for conducting security risk assessments to help identify and articulate risk and risk treatment options in support of NBCUniversal Business Groups.

Conduct risk assessments to identify, assess, measure, and monitor information security risks to NBCU processes, assets, vendors, products, and services. Generate risk assessment reports to support management action, escalation, and risk acceptance processes resulting from risk assessments.

Liaise with business area information security officers, security contacts, application owners, control owners, and SMEs such as Information Security, Internal Audit, and specialized risk management teams.

Facilitate development, prioritization, and rationalization of risk mitigation, including audit action plans.

Support monitoring of remediation efforts to completion.

Gather, analyze, and report status and metrics on risks, controls, and issues, including coverage metrics, KRIs, and KPIs.

Help mature NBCU risk and control framework.

Minimum Qualifications

2+ years' experience in Information Security, with practical experience in risk assessment.

Bachelor's degree, preferably in Computer Science, Information Systems, Engineering, or related field(s).

Strong knowledge in operations, enterprise networking, systems evaluation, and architecture.

Demonstrated experience in risks and controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure, and social media.

Preferred Qualifications

CISSP, CISA, CISM, CRISC, or similar industry certifications.

Practical understanding of security, risk, and privacy regulatory frameworks such as ISO 27001/2, ISO 31000, NIST 800-53, SOX, PCI DSS, HIPAA.

Other Requirements

Self-starter, able to work independently and as part of a team.

Strong analytical, research, and problem-solving skills with a keen attention to detail.

Strong written, verbal communication, and organizational skills.

Communicate complex technology risk assessment information to non-technical business leaders to ensure comprehension of assigned risk.

Discern business-relevant risk associated with technology control deficiencies, and identify corresponding remediation to mitigate the risk.

Knowledge of risks relevant to the Media and Entertainment industry is desirable.

Location: Fully Remote

Benefits: Company-sponsored benefits, including medical, dental, and vision insurance, 401(k), paid leave, tuition reimbursement, and various discounts and perks.

Salary: $62,000 - $70,000

Interview: Potential in-person interviews may be required at NBCUniversal locations prior to hiring.

Equal Opportunity Employer: NBCUniversal provides equal employment opportunities.

Accommodation for Applicants with Disabilities: Requests for reasonable accommodation can be submitted to AccessibilitySupport@nbcuni.com

Fair Chance Initiative for Hiring: Applies to Los Angeles County and City Residents

What is the last date for applying to the job?

Which countries are accepted for this remote job?