VP, Governance, Risk, and Compliance (GRC)

Company Description

NBCUniversal is one of the worlds leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.

Comcast NBCUniversal has announced its intent to create a new publicly traded company (Versant) comprised of most of NBCUniversals cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.

Job Description

The Vice President, Governance, Risk, and Compliance (GRC) will be a key senior leader within the new Versant Cyber organization and will make an impact by leveraging their technical experience with strong business acumen to build and expand on core capabilities while modernizing the team’s approach to risk.  This individual reports directly to the Chief Information Security Officer and will set the strategic direction of the organization’s security evaluation program, control frameworks, and risk management processes while ensuring their effective operation.

Key areas of focus for the VP, GRC include managing the organization’s governance program, risk management and trending lifecycle, compliance and policy management, corporate audit liaison functions and leading cybersecurity assurance responsible for risk evaluation and remediation.

Responsibilities:

• Setting the strategic direction of the GRC organization with alignment across key Cyber partner organizations and the overall Cyber strategy.
• Transforming the maturity of existing functions including ownership of the risk management lifecycle and operational processes.
• Directing cross business engagement, interactions, intake of security requests and prioritization across GRC services.
• Directing multiple outsourced services and staff to support operational efficiencies.
• Evaluating security risk of technology implementations across all brands and business units and establishing appropriate accountability within business leadership for accepted risk.
• Crossing business lines, forging key stakeholder relationships, and driving an inclusive cyber defense mission applicable to Versant and its business areas.
• Promoting, fostering, and advocating an environment of collaboration, diversity, and inclusion. 
• Maintaining an effective feedback loop with business partners – seeking and integrating business area feedback into daily operations and strategic growth.
• Influencing the Versant Cyber Organization, executing its strategic and tactical mission, and being a leader of its transformation, maturity, and sustainability.
• Managing, developing, and supporting staff across a wide range of experience levels and maintaining a high bar for effectiveness and inclusion on the team.

Qualifications

Basic Requirements:

• 10+ years working in a leadership position across cyber security disciplines to include but not limited to Cyber-focused security assurance, governance, risk, compliance, audit, and business facing assessment/risk/resolution lifecycle management.
• Hands on experience leading external audits and regulatory reviews involving multiple, complex business workflows.
• Prior experience creating and maintaining governance policies, compliance programs, security training, and board reporting formats.
• Prior experience developing internal testing and control frameworks to ensure operational efficiency and compliance.
• M&A experience driving security evaluations and providing comprehensive risk evaluations.
• Prior experience leading functions and staff defending large, complex global computing enterprises and understanding strategic and tactical requirements to transform and maintain key security functions.
• Expert knowledge of risk frameworks (e.g., COSO, ISO 31000), industry-specific regulations (e.g., SOX, HIPAA, GDPR, CCPA), risk assessment, and mitigation strategies.
• Knowledge of the cyber threat landscape including different types of adversaries, campaigns, and the motivations that drive them and the ability to translate this to defending Versant.
• Strong and proven communication (both verbal and written) and customer engagement skills with experience briefing corporate executives and professionals.
• Strong leadership skills, social and business acumen, and proven results working with leaders across organizational and business lines to solve complex problems.
• Experience providing direct support and input to business executives and taking a lead role in driving the strategic direction of the organization’s mission.

Desired Characteristics:

• Previous experience working in multiple large complex environments and specifically within the Governance, Risk, and Compliance functions.
• Previous experience leading Governance, Risk, and Compliance functions in the media, entertainment, and/or advanced technology industries.
• Previous experience building, maintaining, or transforming a risk management program.
• Bachelor’s Degree in an IT related field and/or equivalent work experience
• Master’s Degree in an IT related field

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range:$210,000 - $255,000 (bonus and long-term incentive eligible)

We are accepting applications for this position on an ongoing basis.

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversals policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.

If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to AccessibilitySupport@nbcuni.com.

Although youll be hired as an NBCU employee, your employment and the responsibilities associated with this job likely will transition to Versant in the future. By joining at this pivotal time, youll be a part of this exciting company as it takes shape.