GRC Manager, PCI

NBCUniversal, See List Below, Multiple Locations

Innovative, fast-paced, challenging... we're everything you want in a workplace.

Level: Manager (Supervisor)

Seeking experienced team member to join the Cyber Security - GRC Organization. The GRC PCI Manager will be responsible for providing subject matter expertise, and day-to-day execution of programs and services aimed at meeting PCI DSS compliance requirements and reducing risk. The Manager will manage the discovery process for new internal PCI clients and work with business PCI Coordinators to complete remediation of items identified as “Not in Place”. Once compliance is achieved, the PCI Manager will track that compliance is maintained and will be responsible for ensuring PCI Coordinators monitor their control owners on the gathering, approval, and storage of PCI evidence used as input to the PCI Report on Compliance (RoC) and Self-Assessment Questionnaire (SAQ) processes.

Key Qualifications:
  • Demonstrated knowledge of Payment Card Industry Data Security Standard (PCI DSS) requirements and experience with prioritized implementation in a global environment.
  • Able to review Report on Compliance/Assessment report and provide guidance on remediation actions and advise on services that could be of benefit relative to industry trends around achieving compliance (i.e. technical solutions).
  • Support teams by answering business and technical questions related but not limited to PCI DSS, PA-DSS, Trusted Advisory, Policy and Procedures & Penetration Testing.
  • Self-starter who can own all responsibilities with little to no supervision.

  • Identify and support all NBCU business processes that accept, transmit, process, store, or can impact the security of payment transactions and assist business owners in achieving PCI DSS compliance
  • Identify PCI DSS compliance requirements for each NBCU business process by reviewing architecture and/or network configuration
  • Recommend solutions to resolve control gaps identified during assessments and monitor completeness and sustainability of remediation efforts
  • Manage third-party qualified security assessor (QSA) for any certification where a QSA is required and manage process of providing all necessary evidence during PCI assessments
  • Anticipate PCI-related issues and escalate as appropriate
  • Assist teams in maintaining PCI compliance as new card acceptance solutions and technologies are adopted and rolled out
  • Manage Risk Acceptance Process for PCI related risks
  • Work with PCI Coordinators as the PCI SME on assigned projects and offer counsel regarding the intent of PCI requirements
  • Maintain documentation critical to the PCI program
  • Monitor PCI Security Standards Council for changes to the current PCI DSS framework
  • Educate and raise awareness on payment processing risks and controls
  • Assist stakeholders with control design and enhancements
  • Liaise with risk champions, application owners, control owners, QSAs, risk SMEs such as Information Security, Internal Audit and specialized risk management teams
  • Contribute to enterprise IT Risk and Control awareness efforts
  • Maintain deep understanding of organization wide objectives, interactions, issues and risks

Minimum Requirements
  • Bachelor's degree or equivalent
  • Five to seven years of experience in PCI DSS compliance requirements and implementation
  • Demonstrated knowledge of Payment Card Industry Data Security Standard (PCI DSS)
  • Knowledge of IT Risk Frameworks such as NIST, ISO, CSA, etc.
  • Knowledge of IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure, routers, firewalls, virtualization, tokenization
  • Understanding of payment industry participants and payments terminology
  • Ability to work independently and in cross-functional teams
  • Strong analytic skills for problem analysis and resolution
  • Experience with the MS Office suite – Excel, PowerPoint, Word, etc.
  • Strong written, verbal communication and organizational skills

Eligibility Requirements
  • Interested candidates must submit a resume/CV through NBCUniversal Careers to be considered
  • Must have unrestricted work authorization to work in the United States
  • Must be 18 years or older

  • Security certification such as PCIP, ISA, QSA, CISSP, CISM or CISA
  • Experience evaluating transaction flows and making determinations on how and when to use Self-Assessment Questionnaires
  • Experience working with third-party service providers to ensure data is maintained in a secure and compliant manner
  • Experience evaluating the use of compensating controls
  • Ability to communicate with various executives and stakeholders of every level
  • Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements
  • Experience supporting enterprise-wide technology initiatives and creating a risk-aware culture
  • Experience in Project Management
  • Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align on strategies and enterprise priorities

NBCUniversal owns and operates over 20 different businesses across 30 countries including a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, world-renowned theme parks and a premium ad-supported streaming service.

Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. We strive to foster a diverse and inclusive culture where our employees feel supported, embraced and heard. We believe that our workforce should represent the communities we live in, so that together, we can continue to create and deliver content that reflects the current and ever-changing face of the world.

NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.

About NBCUniversal

At NBCUniversal, we believe in the talent of our people. It’s our passion and commitment to excellence that drives NBCU’s vast portfolio of brands to succeed. From broadcast and cable networks, news and sports platforms, to film, world-renowned theme parks and a diverse suite of digital properties, we take pride in all that we do and all that we represent. It’s what makes us uniquely NBCU.

Here you can create the extraordinary. Join us.
