Full-Time GRC Risk Analyst
NBCUniversal is hiring a remote Full-Time GRC Risk Analyst. The career level for this job opening is Experienced, and it is accepting Englewood Cliffs, New Jersey based applicants remotely. Read the complete job description before applying.
NBCUniversal
Job Details
The GRC Risk Analyst is responsible for conducting security risk assessments to identify and articulate risk and risk treatment options for NBCUniversal Business Groups.
Conduct and manage supplier security risk assessments, from initiation to completion, to identify, assess, measure, and monitor information security risks to NBCU processes, assets, vendors, products, and services.
Generate risk assessment reports to support management action, escalation, and risk acceptance processes.
Liaise with business area information security officers, security contacts, application owners, control owners, and subject matter experts (SMEs) such as Information Security, Internal Audit, and specialized risk management teams.
Communicate the importance of timely remediation of identified risks.
Facilitate the development, prioritization, and rationalization of risk mitigation action plans.
Support the monitoring of remediation efforts to completion.
Review and analyze evidence of remediation completion.
Gather, analyze, and report status and metrics on risks and controls.
Support continued improvement initiatives related to risk assessment and management programs.
Requirements:
Minimum 3+ years’ experience in Information Security, with practical experience in risk assessment and risk management.
Bachelor's degree, preferably in Computer Science, Information Systems, Engineering, or related field(s).
In-depth Cyber and IT security knowledge and understanding of operations, systems evaluation, and architecture.
Demonstrated experience using industry standards and frameworks to implement best practices in cybersecurity risk management in IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure, and social media.
Technical Cyber Security Certification through SANS, ISACA, (ISC)2, CompTIA, etc.
Practical understanding of security, risk, and privacy regulatory frameworks like ISO 27001/2, ISO 31000, NIST 800-53, SOX, PCI DSS, HIPAA.
Self-starter, able to work independently and as part of a team.
Strong analytical, research, and problem-solving skills with keen attention to detail.
Strong written, verbal communication, and organizational skills.
Able to communicate complex technology risk assessment information to non-technical business leaders.
Able to discern business-relevant risk associated with technology control deficiencies and identify the corresponding remediation required to mitigate the risk.
Knowledge of risks relevant to the Media and Entertainment industry (desirable).
Salary Range: $70,000 - $90,000