Company Description

NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.

Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.

Job Description

As the Director of Security Engineering for AI, you will lead security consulting engagements for projects across NBCU businesses. You will interface with cyber and technology team leadership, evangelize practical security controls that comply with our policies and draw from industry best practices to drive our overall cybersecurity strategy.

Responsibilities:

Consult on complex enterprise-wide security assessments and engagements to help engineers see the big picture and incorporate enterprise technology direction into security roadmapsCommunicate the vision and value of what we’re offering. Help grow adoption and increase support for enterprise securityCreate detailed architecture diagrams and security documentation with demonstrated understanding of complex tools and processesHelp advance and improve our cyber security assurance review engagement process, find efficiencies, and align to consistent frameworksSupport a unified security assurance process in alignment with risk management to build security in from idea inception through product retirementCollaborate across technical, security, and business focused teams to identify areas of need and opportunityServe as an escalation point of contact during security reviews to confirm and if necessary, defend security controls recommended by the security assurance teamKeep pace with the advancement of technology, regulations, and advancing threat behaviors affecting NBCUReview the work of other security engineers for quality and completenessWork closely with risk, compliance, legal, and audit teamsAssist cyber leadership on strategic projectsRecruit, mentor, coach, train, develop, and support security talent at all levels

Qualifications

Basic Requirements:

10 years of experience in cybersecurity, with at least 5 years of experience leading teamsExperience designing, building, and securing enterprise AI systems and toolingSecurity leadership experience. Comfort managing work, processes, and people in a risk-focused team from associates to senior engineers in office, remote, and hybrid work environmentsStrong written and spoken communication. An ability to communicate the what and why of complex technical concepts to technical and non-technical leadershipThreat-focused security experience. An understanding of how threats operate as well as a multitude of diverse controls across AI, identity and access management, networking, endpoint, cloud, email, encryption, data protection, and software developmentEnterprise perspective. Insight to adapt security approaches that meet technical scale and diverse organizational processes with a risk-based approachA willingness and desire to dig into the technical details – the flexibility to know when to look at strategic plans and high-level views, and when to talk about architectures and toolsEmpathy for customers and engineers when designing security requirementsAbility to recommend security measures that are operationally feasible, comprehensively protective, and allow the product to rapidly evolveThe ability to serve as a collaborative team member and leader who can give and receive constructive feedbackSubject matter expert to explain common threats to application components including web & software applications, microservices, containers, orchestration platforms, code repositories, CI/CD pipelines, auth systems, and protocols. An expert in securing one or more with willingness to learn and research to make recommendations

Desired Characteristics:

Threat modelling experienceStrong AI governance and security backgroundExperience with cloud-based application development and hostingUnderstanding of end-to-end secure development methodologies and have expertise in one or more tools/methods used to identify security flaws in applications including: Code Reviews, SAST, DAST, and/or Penetration Testing toolsExperience with threat analysis frameworks, such as MITRE ATT&CKExperience with varied security controls and regulatory frameworks (PCI-DSS 4.0, SCF, NIST, SOX, GDPR, CCPA, SOC2, CMMC, etc.) and ability to create an environment where compliance flows from securityProject management and multitasking skillsExperience with securing legacy and cutting edge technologiesKnowledge or experience in the media and entertainment space and awareness of the technical landscape involved in content creation and delivery

Additional Requirements:

Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $175,000 - $210,000 (bonus and LTI eligible)

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].

For LA County and City Residents Only:  NBCUniversal will consider for employment  qualified applicants with criminal histories, or arrest or conviction records, in a manner  consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.