Lead Technical GRC Analyst

Job DescriptionThe Lead IT GRC Analyst will be a key team member within the NBCUniversal Cyber organization and shape, manage, and evolve NBCUniversal’s security governance framework while driving the development of secure configuration baselines across diverse technical environments. This role requires a unique blend of deep policy and governance framework understanding, hands-on technical collaboration, and proactive engagement to help define security governance throughout the lifecycle of small initiatives to large-scale programs. The ideal candidate brings a strong foundation in information security governance, hands-on technical collaboration, and the ability to translate security principles into actionable, business-friendly requirements.Responsibilities:Key areas of focus for the Cyber Governance Lead include maintaining the organization’s governance framework, designing and developing new cyber governance processes, and helping to design enterprise-scale policy. The successful candidate will be responsible for the following activities: Manage the organization’s security governance program, including participating in Cyber-led projects and programs to design and develop cyber governance processes.Maintaining an effective feedback loop with business partners – seeking and integrating business area feedback into cyber governance processes.Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders.Participate in development, review, and implementation of security policies, standards, procedures, and guidelines in alignment with industry frameworks (, ISO 27001, NIST, CIS).Serve as point of contact for internal audits, certifications, and compliance initiatives related to policy and governance.Actively consult with stakeholders throughout the development lifecycle of small projects and large-scale programs to help establish, refine, and validate governance processes.Conduct technical assessments of configurations to ensure security effectiveness.Monitor regulatory changes and emerging risks to ensure policies remain compliant and adaptive to future threats.Use advanced technologies—, robotic process automation and AI/machine learning—to improve operation.Provide hands-on technical control review to support guidance of enterprise configurations of tools like M365, Slack, Microsoft Defender for Cloud, etc.Design and develop GRC metrics including KPIs and KRIs.QualificationsRequirements:4+ years of experience in information security, governance, risk, or compliance roles.Strong and proven communication (both verbal and written) and customer engagement skills with experience in briefing corporate executives and professionals. Familiarity with industry standards and frameworks (, NIST CSF, ISO 27001, CIS Benchmarks, SOC 2).Ability to read and interpret technical documentation and translate it into governance mandates.Strong analytical and communication skills with the ability to translate complex security concepts into business language.Experience performing system integration, system management, and configuring native controls in modern enterprise IT tooling.Experience working with technical teams to implement and validate secure configurations.Comfortable working in fast-paced, ambiguous, or evolving environments with a solution-oriented mindset.Ability to balance governance rigor with creativity and adaptability in a business-centric approach.Bachelor’s Degree in an IT related field and/or equivalent work experience. Desired Characteristics:Previous experience working in multiple large complex environments and specifically within the Governance, Risk, and Compliance functions. Previous experience working in Governance, Risk, and Compliance functions in the media, entertainment, federal, and/or advanced technology industries. Experience with other enterprise technologies (, Active Directory/Azure AD, cloud platforms, configuration assessment tools)Experience with GRC platforms (, OneTrust, ServiceNow GRC, Archer).Background working with legal, procurement, or privacy teams.Industry certifications such as CRISC, CISA, CISSP, or technical certifications (, Microsoft 365 Certified, AWS Security Specialist) are a plus.Additional Requirements: Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $110,000 - $140,000 (bonus eligible)Additional InformationAs part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access as a result of your disability. You can request reasonable accommodations by emailing AccessibilityS.For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.