GRC Analyst, PCI

Englewood Cliffs, NEW JERSEY, United States

Applications have closed

Company Description

We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, are informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world.

Job Description

We are seeking an experienced team member to join the Cyber Security - GRC Organization. The GRC PCI Analyst will be responsible for day-to-day execution of programs and services aimed at meeting PCI DSS compliance requirements and reducing risk. The Analyst will manage the discovery process for new internal PCI clients and work with business PCI Coordinators to complete remediation of items identified as being non-compliant.  Once compliance is achieved, the PCI Analyst will track that compliance is maintained and will be responsible for ensuring PCI Coordinators monitor their control owners on the gathering, approval, and storage of PCI evidence used as input to the PCI Report on Compliance (RoC) and Self-Assessment Questionnaire (SAQ) processes.

Key Qualifications:

  • Understanding of the concepts of information risks and the different elements that make up risk. In addition, understand fundamental concepts of information security.
  • Experience with Payment Card Industry Data Security Standard (PCI DSS) or equivalent experience in Governance, Risk or Compliance, in a global environment.
  • Self-starter who can function independently with limited direction.
  • Strong communication and planning skills.

Responsibilities:

  • Support NBCU businesses in PCI DSS Self-Assessment (SAQ) and Report on Compliance (RoC) activities
  • Work with PCI Coordinators as the PCI SME on assigned projects and offer counsel regarding the intent of PCI requirements
  • Undertake research as needed when PCI questions arise
  • Manage PCI Discovery/Gap Analysis initiatives and coordinate with various NBCU functional groups to determine compliance status for assigned clients
  • Work with QSAs to manage process of providing all necessary evidence during PCI assessments
  • Track status of PCI DSS issues on assigned projects to ensure that all PCI issues are being addressed
  • Anticipate PCI-related issues and escalate as appropriate
  • Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders
  • Educate and raise awareness on payment processing risks and controls
  • Assist stakeholders with control design and enhancements
  • Monitor completeness and sustainability of remediation efforts
  • Liaise with risk champions, application owners, control owners, QSAs, risk SMEs such as Cyber Security, Internal Audit and specialized risk management teams
  • Contribute to enterprise IT Risk and Control awareness efforts
  • Maintain deep understanding of organization-wide objectives, interactions, issues and risks
  • Stay abreast of current and emerging information risks, including current or proposed cyber legislation or control frameworks.

Qualifications

Basic Requirements:

  • Bachelor's degree or equivalent experience
  • 2+ years of experience in IT Governance, Risk or Compliance functions
  • Knowledge of Payment Card Industry Data Security Standard (PCI DSS)
  • Knowledge of IT Risk Frameworks such as NIST, ISO, CSA, etc.
  • Knowledge of IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure, routers, firewalls, virtualization, tokenization
  • An understanding of payment industry participants and basic payments terminology
  • Ability to work independently and in cross-functional teams
  • Strong analytic skills for problem analysis and resolution
  • Experience with the MS Office suite – Excel, PowerPoint, Word etc.
  • Strong written/verbal communication and organizational skills

Desired Characteristics:

  • Security certification such as PCIP, ISA, QSA, CISSP, CISM or CISA
  • Generalist understanding of Network, Cloud, Application and Server Security standards and best practices
  • Experience evaluating transaction flows and making determinations on how and when to use Self-Assessment Questionnaires
  • Experience working with third party service providers to ensure data is maintained in a secure and compliant manner
  • Experience in designing and documenting compensating controls
  • Experience in Project Management
  • Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements
  • Experience supporting enterprise-wide technology initiatives and creating a risk-aware culture
  • Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise priorities

Additional Requirements:

Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $75,000 - $95,000

Application window is anticipated to close on: 06/13/24.

Additional Information

NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing AccessibilitySupport@nbcuni.com.
