Saturday, April 02, 2016

Senior Director Risk Management NBCUniversal Media New York

Job Description:
NBCUniversal (NBCU) seeks an accomplished professional who has demonstrated expertise and leadership abilities related to information risk management including information security, data privacy, third party security, business continuity risks and related governance processes. Reporting to the VP of Technology Information Risk Management (IRM), the optimal candidate will possess relevant managerial and leadership level experience from a “Big 4”, professional Consulting services firm and/or large commercial enterprise with a mix of auditing and/or consulting experience.
This position will assist the VP of Information Risk Management with establishing risk management strategy, implementing the risk management methodology, and developing and implementing adoption and communication processes as part of implementing a multi-year IRM program roadmap. Additional responsibilities include development of departmental practices and processes to fulfill responsibilities to Executive Management with respect to the company’s governance, risk management and control practices in general and for the Technology, vendors and Business Solutions function in particular. The role acts as the primary liaison with Technology Leadership (CIO, VPs, CISO) and works with Legal, Sourcing Management and the Chief Privacy Officer; collaboratively develops a risk-based information risk management plan and strategy; assists the IRM office (IRMO) and company management by assessing technology risks, processes and controls; assists the IRM function with the development of periodic risk assessments of company operations; and manages the department’s technology infrastructure and related initiatives such as IRM talent development, executive reporting and related analytics.

Responsibilities

• Enable IRMO to stay abreast of current and emerging security risks that could impact NBCU, including current or proposed cyber and privacy legislation.

• Directs and leads risk management functions including security, data privacy, sourcing security, project and program management, business continuity and assurance functions

• Provides consultative guidance to company’s IT and security policy development and assesses the effectiveness of their design

• Responsible for overseeing development and implementation of Risk Management/GRC tools, practices, and policies to analyze and report risks, and to manage information risk faced by the company.

• Oversee and develop the process to gather, analyze, and report Risk Management Metrics and KPIs to VPs, peers, and senior management.

• Directs reviews of critical technology practices, new and existing Business applications/solutions and technology infrastructure components providing guidance to the information risk team regarding business and control risks, technical concepts, etc.

• Understand complex distributed/client server platforms, GRC and related applications. Directs assigned team (company and co-sourced external subject matter experts) in assessing risk, establishing project scope, audit program design and execution of control design and operating effectiveness tests.

• Acts as liaison with Technology and Business Solutions and business group and participates in applicable executive management meetings to keep current with plans, projects and associated risks. Acts in an advisory capacity with respect to these matters.

• Direct and manage the design, implementation and on-going maintenance of the departmental technology infrastructure and capabilities such as access to applications, including education, protocols, reports, etc.

• Effectively manages assigned departmental staff on both projects as well as those administratively assigned. Effectively performs all HR related company processes such as Performance Appraisals, team mentoring, development planning, Organizational planning, etc.

Qualifications/Requirements

• 15+ years diversified experience including working at “Big 4” and/or working in similar capacities at a large, complex business organization.
• Demonstrated leadership in working with C-Suite executives, particularly in the Technology discipline, experience establishing and implementing departmental strategy, managing short-term projects and professional staff.
• Deep understanding of IT Risk Strategy and Governance concepts to be able to provide assurance the company’s Technology Governance framework is adequate and operating effectively.
• Demonstrated experience in the areas of security, controls and related risks across various IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems and social media.
• Project management experience with system implementations and other change events through a clearly defined methodology
• Deep understanding and knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, etc.
• Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance.
• A Bachelor's degree as well as one or more relevant certifications (e.g., CISA, CRISC, CISSP, and/or CISM); Graduate degree highly desirable.

Pass it on for Referral Bonus. Not the right role for you, but know someone we should meet? Share with them to earn a $1,000 referral bonus.