Responsibilities

The GRC Policy Lead is responsible for managing and maturing NBCUniversal’s information security policy framework to establish appropriate security requirements across the enterprise that address relevant threats and align with industry standards.

Responsibilities:

• Manage and mature information security policy framework, including policies, standards, and baselines
• Lead working groups to gather policy requirements and feedback from subject matter experts and key stakeholders across the organization
• Draft updates to security policies and standards based on feedback
• Track and report on project status of policy updates
• Prepare release notes to summarize key updates to policies
• Prepare executive briefings on policy to management
• Stay informed of updates to industry standards such ISO 27002, NIST-53, PCI DSS, MPAA and maintain policy mappings to industry standards
• Support integration and maturation of policy, risk, and control frameworks

Qualifications/Requirements

•Minimum 7 years experience in Information Security, with practical experience in writing information security policies, standards, baselines
•Bachelor's degree, preferably in Information Security or related field(s)
•Practical understanding of industry standards such as ISO 27001/2, NIST 800-53, NIST CSF, MPAA, PCI DSS
•Technical writing experience preferred
•Program and project management experience desirable
•CISSP, CISA, CISM, CRISC, or similar industry certification(s) desirable
•Knowledge of controls across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure and social media
•Self-starter, able to work independently and as part of a team
•Strong analytical, research, and problem solving skills with a keen attention to detail
•Strong written, verbal communication and organizational skills
•Knowledge of the risks relevant to Media and Entertainment industry desirable