Director, Cyber Governance and Controls

About The Position

Requirements

• Bachelor’s Degree in an IT-related field and/or equivalent work experience.
• 8+ years of experience in GRC, including roles in security analysis, compliance and risk management.
• Exposure to cloud providers (AWS, Google, Microsoft) and security configuration and management preferred.
• Wide-ranging knowledge in technical infrastructure and applications, from legacy through next generation.
• Knowledge of GRC for cloud computing, including validation of security configurations, resiliency and data protection.
• Versed in vulnerability management; emerging threats; insider risk; resiliency; and attacker tactics, techniques and procedures.
• Working knowledge of network protocols, web application architecture, and common vulnerabilities.
• Experience working with external vendors and internal technical teams.
• Excellent organizational, communication, and documentation skills.
• Ability to manage multiple concurrent projects and deadlines.
• Engange in learning constantly; actively experimenting and working with new technologies with quick instincts for picking up and developing expertise in new problem domains
• Knowledge of best practices in the Cyber Security industry, including OWASP Top 10 and CWE/SANS Top 25
• Excellent time management skills to appropriately prioritize multiple concurrent projects

Nice To Haves

• Large and decentralized business experience
• Hands-on experience configuring technical controls in tools like M365 (Conditional Access Policy, Purview, Cloud Defender), Slack (DLP), email secure configuration validation, etc.
• Complex environment threat modeling experience
• GRC leadership experience
• Preferred Certifications, but not required: CISSP, CISM, CISA, CRISC or CGRC

Responsibilities

• Lead Governance, Controls, and Vendor management teams in partnership with Risk Management and Compliance
• Engage cyber platforms and enterprise engineering teams to align security tooling and baseline configurations with controls and policy
• Engage cyber Information Security Officers and security managers, to help translate policy and enable business functions
• Serve as the primary contact and subject matter expert for NBCU policies, controls, and vendor management
• Build partnerships with Enterprise Technology, Legal, and Procurement to strengthen our comprehensive approach to 3rd parties.
• Direct teams to document, communicate and enforce security improvements that balance risk with business operations and ensure controls do not weaken efficiencies or business innovation.
• Escalate identified vendor issues and gaps that may place the business at risk.
• Manage strategy and operation for the vendor risk management lifecycle from inception through termination.
• Define key performance indicators and key risk indicators and include them when reporting to cybersecurity and risk management leadership.
• Use advanced technologies—e.g., robotic process automation and AI/machine learning—to improve operation.
• Support risk assessments of vendor technologies
• Document, communicate, and enforce cybersecurity standards that balance risk with business operations
• Deliver monthly reporting to leadership, aligning with organizational objectives and team directives
• Support audit and compliance activities to help secure the enterprise by documenting the approach, necessary controls, gathering supporting evidence, provide requirements to health/hygiene dashboards
• Give and receive constructive feedback in a team environment, fostering a culture of continual improvement and excellence
• Demonstrate Strong written/verbal communication and presentation skills with the ability to tailor to both technical, and non-technical audiences

Benefits

• This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks.