Lead Technical GRC Analyst

The Lead IT GRC Analyst will be a key team member within the NBCUniversal Cyber organization and shape, manage, and evolve NBCUniversal’s security governance framework while driving the development of secure configuration baselines across diverse technical environments. This role requires a unique blend of deep policy and governance framework understanding, hands-on technical collaboration, and proactive engagement to help define security governance throughout the lifecycle of small initiatives to large-scale programs. The ideal candidate brings a strong foundation in information security governance, hands-on technical collaboration, and the ability to translate security principles into actionable, business-friendly requirements. Responsibilities: Key areas of focus for the Cyber Governance Lead include maintaining the organization’s governance framework, designing and developing new cyber governance processes, and helping to design enterprise-scale policy. The successful candidate will be responsible for the following activities: Manage the organization’s security governance program, including participating in Cyber-led projects and programs to design and develop cyber governance processes. Maintaining an effective feedback loop with business partners – seeking and integrating business area feedback into cyber governance processes. Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders. Participate in development, review, and implementation of security policies, standards, procedures, and guidelines in alignment with industry frameworks (e.g., ISO 27001, NIST, CIS). Serve as point of contact for internal audits, certifications, and compliance initiatives related to policy and governance. Actively consult with stakeholders throughout the development lifecycle of small projects and large-scale programs to help establish, refine, and validate governance processes. Conduct technical assessments of configurations to ensure security effectiveness. Monitor regulatory changes and emerging risks to ensure policies remain compliant and adaptive to future threats. Use advanced technologies—e.g., robotic process automation and AI/machine learning—to improve operation. Provide hands-on technical control review to support guidance of enterprise configurations of tools like M365, Slack, Microsoft Defender for Cloud, etc. Design and develop GRC metrics including KPIs and KRIs.