Lead Technical GRC Analyst (Governance)

Company Description: NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our global theme park destinations, consumer products, and experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, NBC Sports, Telemundo, NBC Local Stations, Bravo, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through our powerhouse film and television studios, including Universal Pictures, DreamWorks Animation, and Focus Features, and the four global television studios under the Universal Studio Group banner, and operate industry-leading theme parks and experiences around the world through Universal Destinations & Experiences, including Universal Orlando Resort, home to Universal Epic Universe, and Universal Studios Hollywood. NBCUniversal is a subsidiary of Comcast Corporation. Visit www.nbcuniversal.com for more information. Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world. Job Description: The Lead IT GRC Analyst will be a key team member within the NBCUniversal Cyber organization and shape, manage, and evolve NBCUniversal’s security governance framework while driving the development of secure configuration baselines across diverse technical environments. This role requires a unique blend of deep policy and governance framework understanding, hands-on technical collaboration, and proactive engagement to help define security governance throughout the lifecycle of small initiatives to large-scale programs. The ideal candidate brings a strong foundation in information security governance, hands-on technical collaboration, and the ability to translate security principles into actionable, business-friendly requirements. Responsibilities: Key areas of focus for the Cyber Governance Lead include maintaining the organization’s governance framework, designing and developing new cyber governance processes, and helping to design enterprise-scale policy. The successful candidate will be responsible for the following activities:

• Manage the organization’s security governance program, including participating in Cyber-led projects and programs to design and develop cyber governance processes.
• Demonstrated experience supporting and operating complex, enterprise-scale IT platforms with a wide and varied customer base, where reliability, security, and governance are mission critical.
• Serve as a trusted technical and governance resource for core Enterprise IT platforms, with the capability to provide practical support to ensure security, resilience, and consistency across large-scale, business‑critical tools.
• Maintaining an effective feedback loop with business partners – seeking and integrating business area feedback into cyber governance processes.
• Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders.
• Participate in development, review, and implementation of security policies, standards, procedures, and guidelines in alignment with industry frameworks (e.g., ISO 27001, NIST, CIS).
• Serve as point of contact for internal audits, certifications, and compliance initiatives related to policy and governance.
• Actively consult with stakeholders throughout the development lifecycle of small projects and large-scale programs to help establish, refine, and validate governance processes.
• Conduct technical assessments of configurations to ensure security effectiveness.
• Monitor regulatory changes and emerging risks to ensure policies remain compliant and adaptive to future threats.
• Use advanced technologies—e.g., robotic process automation and AI/machine learning—to improve operation.
• Provide hands-on technical control review to support guidance of enterprise configurations of tools like M365, Slack, Microsoft Defender for Cloud, etc.
• Design and develop GRC metrics including KPIs and KRIs.

Qualifications: Requirements:

• 4+ years of experience in information security, governance, risk, or compliance roles.
• Strong and proven communication (both verbal and written) and customer engagement skills with experience in briefing corporate executives and professionals.
• Familiarity with industry standards and frameworks (e.g., NIST CSF, ISO 27001, CIS Benchmarks, SOC 2).
• Ability to read and inter