I am...

Company Description

We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world.

• Perform Red Team engagements including Stealth and Purple Teaming either individually or in a team.
• Simulate advanced cyber engagements to test the security posture of different businesses that make up the NBCUniversal ecosystem, in addition to developing and executing sophisticated attack scenarios to test detection and response capabilities.
• Collaborate with blue team members in real time to identify and address security gaps
• Summarize the engagement by including information regarding the target in scope, OSINT reconnaissance performed, actions taken, results, and recommendations and provide the reports and summaries on time.
• Document testing progress and findings – compile technical reports and presentations for both technical and executive audiences
• Remain up to date on current attack vectors and reach beyond common Red Team techniques used today.
• Develop new strategies, processes, best-practices, and tools that contribute to our cyber security posture.
• Ability to adapt work schedule and availability based on engagement requirements.
• Ability to work with all audiences, including the internal team, clients, defense, stakeholders, etc. to explain and/or present vulnerabilities found during engagements and possible methods of mitigating them.
• Provide technical leadership and advise junior team members on attack and penetration test engagements
• When necessary, assist penetration testing team with engagements unrelated to Red Teaming such as PCI, Bug Bounty, and application/product assessments.

Required Qualifications

• 10+ years in cybersecurity
• 4+ years experience in Red Teaming engagements
• Up-to-date knowledge of current security risks, data breach tactics, and cybersecurity incidents
• Experience running end to end Red Team engagements and how to accomplish testing objectives with minimal system impact and avoid detection as needed.
• Experience operationalizing new and expanding Cyber services
• Advanced experience in source code analysis or 1+ year coding experience in 1 or more languages such as Java, C, C++, C#, ASP.NET, PHP, JavaScript, Python, Objective C, Android, Ruby, Perl, Bash, Powershell
• Advanced experience with assessment tools such as BurpSuite, Metasploit, sliver, kali, setoolkit, aircrack-ng, mimikatz, eyewitness, empire, impacket, rubeus, proxy chains, bloodhound,
• Heavy Experience in Windows, Unix, MacOS, AWS, Azure, GCP, Cloud
• Advanced understanding of network protocols, operating systems, cloud environments, and security architectures including TCP/IP network protocols and experience with various AD attack techniques.
• Ability to research and develop new techniques, tools, and methodologies for Red Teaming and its processes.
• Experience with social engineering tactics and physical security assessments.
• Familiarity with adversary tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK framework.
• Advanced report building skills explaining actions taken and explaining start to finish how a full attack was accomplished in detail and in an easy-to-understand manner. Reports contain all needed information and are rarely amiss. Reports are easily ingestible towards all audience types.

Preferred Qualifications

• Experience in iOS, Android preferred
• Relevant certifications such as OSCP, OSWA, OSWP, OSWE, OSEP, OSED, GPEN, GCPN, GWAPT, GMOB, GAWN, GXPN, eWPT, eCPPT, eM, or similar are preferred.
• Extensive knowledge of various penetration testing methodologies and frameworks.

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision.

NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].

For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles' County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.

Summary Information About the Role and the Company Overview:

The Information Security Program Manager position will lead and deliver desired capabilities for complex and strategic development initiatives spanning multiple domains at Resideo. You will be a leader and a key change agent for continuing to drive the maturity of program and project execution at Resideo.

• Perform periodic risk assessments/audits to ensure that IT personnel are aware of established policies and procedures, that the controls are in place and maintained throughout the application/system lifecycle. Develop and implement programs to reduce risks in identified areas. Monitor and report to IT leadership on results.
• Manage tracking and disposition of risks by leveraging agreed-upon action plans and timelines.
• Responsible for defining & driving compliance programs to meet requirements across frameworks such as ISO 27001, PCI, SOX, ISO 22301, etc.
• Develop, update, and implement Information Security policies, standards and procedures that support security best practice (NIST & ISO27K)
• Develop and execute cross-functional security and IT program plans and successfully deliver the expected business results for one or more strategic programs or initiatives.
• Measure and monitor the maturity level of established security programs and existing controls to identify gaps and opportunities for improvement. Identify gaps and conduct impact analysis of the existing information security policy framework and make incremental improvement.
• Manage and facilitate the annual reviews of Governance artifacts including Policies, Standards, Processes, and Procedures.
• Serve as the key point of contact for IT during the annual SOX audit, tracking any identified deficiencies, including remediation activities. Report deficiencies to leadership. Provide other support as needed to the auditors.
• Mature the IT Resiliency (Disaster Recovery) program to assure Resideo can recover from unexpected interruptions. Develop dashboards and report compliance of the program.
• Participate in the annual Strategic Planning activities.
• Serve as the compliance subject matter expert in all things artificial intelligence and help Resideo mature and administer strategic direction, policies, and controls.
• Serve as a champion for compliance innovation, driving efficiency and automation.

Required Qualifications:

• 10+ years of experience and track record in direct, program and project management.
• 5+ years’ leadership experience in program/project management function spanning companywide technology and complex Information Technology programs/projects.
• 3+ years of experience in Information Security risk management, strategy planning, technologies, and tools.

Preferred Qualifications:

• Familiarity with information security frameworks such as ISO 27001, PCI-DSS, NIST 800-53, and NIST Cybersecurity Framework, NIST AI Risk Management Framework.
• Skilled or proven ability to analyze complex problems and break them down into logical, actionable parts.
• Ability to effectively prioritize and execute tasks in an agile environment.
• Eloquent written, oral communication, and interpersonal skills.

Additional Commentary:

• Development and training opportunities with a focus on your career growth!
• Be seen and heard with encouragement and empowerment to make decisions and actively engage in healthy debate.
• Be your AUTHENTIC self.
• Leverage your expertise to build and improve Resideo's culture and processes.
• Benefits - Resideo provides comprehensive benefits, including life and health insurance, life assistance program, accidental death and dismemberment insurance, disability insurance, 401k Plan, vacation & holidays.

This position is not eligible for US visa sponsorship.

#LI-HYBRID

#LI-MA1

Are you passionate about security? Do you excel at developing creative solutions to complex problems all while developing your team's skillset? Can you stay ahead of the business with solutions that allow for flexibility while addressing risk? If this sounds like you then bring your expertise to our team as an IAM Okta Analyst.

The Opportunity:

Identity is rapidly becoming the new security perimeter! Come help Fisher Investments reduce risk by applying security through identity controls. You will take advantage of this opportunity to gain experience on a tight knit team that has a record of accomplishments through solid mentorship, career growth and a risk-based approach.

The IAM Okta Analyst is a member of the Information Security Identity Access & Management team, reporting to the Identity & Access Management Associate Vice President. You will be responsible for backup administration of Fishers SSO and MFA platform, implementing new SAML integrations (including MFA) and supporting our usage of the platform.

• Be a SME for critical identity infrastructure supporting and scaling a global workforce
• Be a SME for client identity management in partnership with Fisher departments
• Analyze and Implement new SAML and MFA (Verify or Hard Tokens) integrations within the Okta Platform as coordinated with internal partners and external technical resources
• Support existing identity integrations
• Help manage Fisher Investment's IdP Platform in Okta
• Provide technical expertise in automating processes related to Identity Management and Risk Analysis
• Design, plan and perform upgrades to existing security infrastructure
• Provide input and direction on standards for new security processes

Required Qualifications:

• 5+ years of experience in IAM or related information security discipline
• 3+ years of experience implementing security solutions and system integrations
• Experience with IAM protocols: SAML, OAuth, SCIM, and OpenID Connect in an enterprise environment
• Deliver quality as part of a Scrum team working in an Agile environment

Preferred Qualifications:

• Preference given to experience in a regulated industry: Finance or Healthcare
• BS degree in computer science, Information Security, or related discipline or equivalent experience

Compensation:

• $100,000 - $165,000 base salary per year in the state of WA. New hires should expect to start at the lower end of the range depending on experience
• Eligible for a discretionary bonus based on firm and individual performance

Why Fisher Investments:

We work for a bigger purpose: bettering the investment universe. We take great pride in our inclusive culture, our learning and development framework customized for every employee, and our Great Place to Work Certification. It's the people that make the Fisher purpose possible, and we invest in them by offering exceptional benefits like:

• 100% paid medical, dental and vision premiums for you and your qualifying dependents
• A 50% 401(k) match, up to the IRS maximum
• 20 days of PTO, plus 10 paid holidays
• Family Support programs including 8 week Paid Primary Caregiver Leave, fertility, family forming, and hormonal health assistance and back-up child, adult, and elder care
• $10,000 fertility, hormonal health and family-forming benefit
• Opportunity to participate in our hybrid work from home program. This program is subject to change. Based on tenure and performance eligibility, you will have the opportunity to work from home up to 75 days per year

FISHER INVESTMENTS IS AN EQUAL OPPORTUNITY EMPLOYER