Director, Cyber Governance and Controls

The Director of Security Governance and Controls is a key team member within the NBCUniversal Cyber Assurance organization. This leader shapes, manages, and evolves NBCUniversal’s security governance framework and technical approach. This role requires a unique blend of deep policy and governance framework understanding, and the creative adaptability to work across dynamic environments, building security processes where needed. The ideal candidate brings a strong foundation in information security governance, a passion for proactive risk management, a wide-range of technical experience and background, and the ability to translate security principles into actionable, business-supporting policies. The ideal candidate will lead vendor engagement by building partnerships with procurement, engaging legal on contracts, and actively reducing risk through business 3rd party engagements. The unique candidate for this role will understand governance from a policy perspective and stretch to implement that governance in tooling with technical controls. Responsibilities: Lead Governance, Controls, and Vendor management teams in partnership with Risk Management and Compliance Engage cyber platforms and enterprise engineering teams to align security tooling and baseline configurations with controls and policy Engage cyber Information Security Officers and security managers, to help translate policy and enable business functions Serve as the primary contact and subject matter expert for NBCU policies, controls, and vendor management Build partnerships with Enterprise Technology, Legal, and Procurement to strengthen our comprehensive approach to 3rd parties. Direct teams to document, communicate and enforce security improvements that balance risk with business operations and ensure controls do not weaken efficiencies or business innovation. Escalate identified vendor issues and gaps that may place the business at risk. Manage strategy and operation for the vendor risk management lifecycle from inception through termination. Define key performance indicators and key risk indicators and include them when reporting to cybersecurity and risk management leadership. Use advanced technologies—e.g., robotic process automation and AI/machine learning—to improve operation. Support risk assessments of vendor technologies Document, communicate, and enforce cybersecurity standards that balance risk with business operations Deliver monthly reporting to leadership, aligning with organizational objectives and team directives Support audit and compliance activities to help secure the enterprise by documenting the approach, necessary controls, gathering supporting evidence, provide requirements to health/hygiene dashboards Give and receive constructive feedback in a team environment, fostering a culture of continual improvement and excellence Demonstrate Strong written/verbal communication and presentation skills with the ability to tailor to both technical, and non-technical audiences