Director, Cyber Governance and Controls jobs in United States
cer-icon
Apply on Employer Site
company-logo

NBCUniversal · 22 hours ago

Director, Cyber Governance and Controls

positionUnited States
timeFull-time
remoteRemote
seniorityDirector/Executive
money$155K/yr - $200K/yr
date8+ years exp

NBCUniversal is one of the world's leading media and entertainment companies. The Director of Security Governance and Controls is responsible for shaping and managing the security governance framework and technical approach, while leading teams in governance, controls, and vendor management to ensure effective risk management and compliance.

BroadcastingMedia and EntertainmentNews
check
H1B Sponsor Likelynote

Responsibilities

Lead Governance, Controls, and Vendor management teams in partnership with Risk Management and Compliance
Engage cyber platforms and enterprise engineering teams to align security tooling and baseline configurations with controls and policy
Engage cyber Information Security Officers and security managers, to help translate policy and enable business functions
Serve as the primary contact and subject matter expert for NBCU policies, controls, and vendor management
Build partnerships with Enterprise Technology, Legal, and Procurement to strengthen our comprehensive approach to 3rd parties
Direct teams to document, communicate and enforce security improvements that balance risk with business operations and ensure controls do not weaken efficiencies or business innovation
Escalate identified vendor issues and gaps that may place the business at risk
Manage strategy and operation for the vendor risk management lifecycle from inception through termination
Define key performance indicators and key risk indicators and include them when reporting to cybersecurity and risk management leadership
Use advanced technologies—e.g., robotic process automation and AI/machine learning—to improve operation
Support risk assessments of vendor technologies
Document, communicate, and enforce cybersecurity standards that balance risk with business operations
Deliver monthly reporting to leadership, aligning with organizational objectives and team directives
Support audit and compliance activities to help secure the enterprise by documenting the approach, necessary controls, gathering supporting evidence, provide requirements to health/hygiene dashboards
Give and receive constructive feedback in a team environment, fostering a culture of continual improvement and excellence
Demonstrate Strong written/verbal communication and presentation skills with the ability to tailor to both technical, and non-technical audiences

Qualification

GRC experienceInformation security governanceCloud security managementVendor risk managementTechnical infrastructure knowledgeVulnerability managementNetwork protocols knowledgeCybersecurity best practicesLearning agilityCommunication skillsOrganizational skillsTime management skills

Required

Bachelor's Degree in an IT-related field and/or equivalent work experience
8+ years of experience in GRC, including roles in security analysis, compliance and risk management
Wide-ranging knowledge in technical infrastructure and applications, from legacy through next generation
Knowledge of GRC for cloud computing, including validation of security configurations, resiliency and data protection
Versed in vulnerability management; emerging threats; insider risk; resiliency; and attacker tactics, techniques and procedures
Working knowledge of network protocols, web application architecture, and common vulnerabilities
Experience working with external vendors and internal technical teams
Excellent organizational, communication, and documentation skills
Ability to manage multiple concurrent projects and deadlines
Engage in learning constantly; actively experimenting and working with new technologies with quick instincts for picking up and developing expertise in new problem domains
Knowledge of best practices in the Cyber Security industry, including OWASP Top 10 and CWE/SANS Top 25
Excellent time management skills to appropriately prioritize multiple concurrent projects

Preferred

Exposure to cloud providers (AWS, Google, Microsoft) and security configuration and management preferred
Large and decentralized business experience
Hands-on experience configuring technical controls in tools like M365 (Conditional Access Policy, Purview, Cloud Defender), Slack (DLP), email secure configuration validation, etc
Complex environment threat modeling experience
GRC leadership experience
Preferred Certifications, but not required: CISSP, CISM, CISA, CRISC or CGRC

Benefits

Medical
Dental and vision insurance
401(k)
Paid leave
Tuition reimbursement
A variety of other discounts and perks

Company

NBCUniversal

twittertwittertwitter
Glassdoor4.0
company-logo
NBCUniversal is a media company that provides entertainment and news development, production, distribution, and marketing services. It is a sub-organization of Comcast.
dateFounded in 1912
location
New York, New York, USA
people-size10001+ employees
web-link
https://www.nbcuniversal.com/

H1B Sponsorship

NBCUniversal has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2020 (1)

Funding

Current Stage
Late Stage
Total Funding
unknown
2011-01-29Acquired

Leadership Team

leader-logo
Jeff Shell
CEO
leader-logo
Stephen Burke
Chief executive officer

Recent News

Morningstar.com
NBCUniversal and Graebel Win Silver in Brandon Hall Group’s Excellence in Action Awards
2026-01-13
Sports Business Journal
NBC’s ‘Legendary February’ highlights Peacock, personal storytelling, new tech and big audience aspirations
2026-01-09
Sports Business Journal
NBCU sells out ad inventory for Milan-Cortina Games
2026-01-07
Company data provided by crunchbase