IT GRC Analyst (Cyber Contract Management)

About the position NBCUniversal is seeking an experienced Governance, Risk, and Compliance (GRC) Analyst to support various functions within the Security Assurance – Governance team. The ideal candidate will have a strong understanding of cybersecurity, vendor contracts, negotiation of third party security standards, and the ability support additional governance functions like 3rd Party Security Reviews. Responsibilities • Collaborate with business leadership, Legal, Procurement, and Cyber to review terms and conditions, ensuring vendor and client obligations are aligned with internal cyber controls • Undertake research as needed when control or regulatory questions arise • Track status of risk remediations in the risk register with business stakeholders • Monitor completeness and sustainability of remediation efforts • Educate and raise awareness on risks and controls • Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders • Contribute to enterprise IT Risk and Control awareness efforts • Maintain deep understanding of organization wide objectives, interactions, issues and risks • Stay abreast of current and emerging information risks, including current or proposed cyber legislation or control frameworks • Perform other related duties and special projects, as assigned, to support evolving GRC and cybersecurity program needs Requirements • Bachelor's degree or equivalent experience. • Minimum of 2 years of experience in IT Governance, Risk or Compliance functions • Knowledge of IT Risk Frameworks such as NIST, ISO, CSA, PCI, etc. • Knowledge of contracting lifecycle • Ability to work independently and in cross functional teams • Strong analytic skills for problem analysis and resolution • Experience in process management systems like Jira, Azure DevBoards, ServiceNow • Experience with the MS office suite – Excel, PowerPoint, Word etc • Strong written/verbal communication and organizational skills Nice-to-haves • Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements. • Experience supporting enterprise-wide technology initiatives and creating a risk-aware culture. • Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align strategies and enterprise priorities. • Industry certifications such as CRISC or CISA are a plus. Benefits • This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Apply tot his job