• Serve as the primary relationship owner for an assigned portfolio of ~100+ active vendors • Maintain strong, professional vendor partnerships focused on reliability, service quality, and responsiveness • Act as the escalation point for vendor-related issues including performance, compliance gaps, payment disputes, or operational concerns • Draft, review, execute, and maintain vendor contracts, amendments, and service agreements • Manage contract lifecycle activities including renewals, updates, terminations, and documentation control • Ensure ongoing vendor compliance with insurance requirements, certificates of insurance (COIs), bonding, licenses, and regulatory standards • Monitor vendor performance against established service level agreements (SLAs) and quality standards • Partner with internal teams to address quality concerns and implement improvement plans • Maintain accurate vendor records, documentation, and compliance tracking • Provide reporting on compliance status, performance metrics, and vendor risk

• Assist in the implementation and oversight of Quality, Risk, and Compliance programs, ensuring adherence to Joint Commission standards and regulatory requirements. • Help coordinate the verification and documentation of staff credentials, including licensure, certification, and registration. • Support the competency assessment program for staff providing telehealth care, ensuring timely completion of initial assessments and ongoing evaluations. • Assist in identifying, assessing, and mitigating quality, risk, and compliance issues, including participating in investigations and root cause analyses. • Support the development and implementation of quality improvement initiatives, ensuring alignment with organizational goals. • Help facilitate risk management activities, including incident reporting and documentation. • Assist in ensuring compliance with state and federal regulations as well as Joint Commission standards, including facilitating internal audits and supporting accreditation activities. • Coordinate the comprehensive internal auditing process, ensuring adherence to quality, risk, and compliance standards, including follow-up on corrective actions. • Assist in the development and maintenance of policies and procedures related to quality, risk, and compliance to support the organization’s mission. • Audit and coordination of audits for clinical documentation. • Educate staff on quality, risk, and compliance policies, including telehealth-specific standards, and help promote a culture of accountability and continuous improvement. • Help monitor and analyze quality, risk, and compliance data to identify trends and provide actionable insights.

cFocus Software seeks a Compliance Lead to join our program supporting Housing and Urban Development (HUD). This position is remote. This position requires a Public Trust clearance. Qualifications: - Bachelor’s degree in Cybersecurity, Information Assurance, Information Technology, or related field. - 6+ years of experience in cybersecurity compliance, audit, or risk management roles. - Experience supporting federal compliance frameworks (FISMA, NIST RMF, FedRAMP). - Experience with audit processes, documentation, and evidence collection. Duties: - Lead cybersecurity compliance efforts aligned with federal standards including FISMA, NIST SP 800-53, OMB, CISA directives, and HUD policies. - Oversee development, implementation, and maintenance of compliance frameworks, policies, and procedures. - Manage audit readiness activities including FISMA audits, internal reviews, and third-party assessments. - Coordinate audit requests, collect evidence, and track audit artifacts in centralized systems. - Serve as primary liaison with auditors and stakeholders during audit engagements. - Develop and maintain Plans of Action and Milestones (POA&M) to remediate findings. - Track and manage Notice of Findings and Recommendations (NFRs) through remediation lifecycle. - Ensure proper documentation, storage, and retrieval of compliance artifacts and evidence. - Support Assessment & Authorization (A&A) processes and Risk Management Framework (RMF) activities. - Develop risk acceptance documentation and support accreditation packages. - Monitor compliance posture and report on risks, gaps, and remediation progress. - Ensure continuous compliance monitoring and alignment with evolving federal mandates. - Provide compliance reporting including monthly, quarterly, and annual status reports. - Support development of SOPs, governance documentation, and compliance strategies.

Company Description NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our global theme park destinations, consumer products, and experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, NBC Sports, Telemundo, NBC Local Stations, Bravo, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through our powerhouse film and television studios, including Universal Pictures, DreamWorks Animation, and Focus Features, and the four global television studios under the Universal Studio Group banner, and operate industry-leading theme parks and experiences around the world through Universal Destinations & Experiences, including Universal Orlando Resort, home to Universal Epic Universe, and Universal Studios Hollywood. NBCUniversal is a subsidiary of Comcast Corporation. Visit www.nbcuniversal.com for more information. Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world. Job Description The Lead IT GRC Analyst will be a key team member within the NBCUniversal Cyber organization and shape, manage, and evolve NBCUniversal's security governance framework while driving the development of secure configuration baselines across diverse technical environments. This role requires a unique blend of deep policy and governance framework understanding, hands-on technical collaboration, and proactive engagement to help define security governance throughout the lifecycle of small initiatives to large-scale programs. The ideal candidate brings a strong foundation in information security governance, hands-on technical collaboration, and the ability to translate security principles into actionable, business-friendly requirements. Responsibilities: Key areas of focus for the Cyber Governance Lead include maintaining the organization's governance framework, designing and developing new cyber governance processes, and helping to design enterprise-scale policy. The successful candidate will be responsible for the following activities: - Manage the organization's security governance program, including participating in Cyber-led projects and programs to design and develop cyber governance processes. - Demonstrated experience supporting and operating complex, enterprise-scale IT platforms with a wide and varied customer base, where reliability, security, and governance are mission critical. - Serve as a trusted technical and governance resource for core Enterprise IT platforms, with the capability to provide practical support to ensure security, resilience, and consistency across large-scale, business-critical tools. - Maintaining an effective feedback loop with business partners - seeking and integrating business area feedback into cyber governance processes. - Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders. - Participate in development, review, and implementation of security policies, standards, procedures, and guidelines in alignment with industry frameworks (e.g., ISO 27001, NIST, CIS). - Serve as point of contact for internal audits, certifications, and compliance initiatives related to policy and governance. - Actively consult with stakeholders throughout the development lifecycle of small projects and large-scale programs to help establish, refine, and validate governance processes. - Conduct technical assessments of configurations to ensure security effectiveness. - Monitor regulatory changes and emerging risks to ensure policies remain compliant and adaptive to future threats. - Use advanced technologies-e.g., robotic process automation and AI/machine learning-to improve operation. - Provide hands-on technical control review to support guidance of enterprise configurations of tools like M365, Slack, Microsoft Defender for Cloud, etc. - Design and develop GRC metrics including KPIs and KRIs. Qualifications Requirements: - 4+ years of experience in information security, governance, risk, or compliance roles. - Strong and proven communication (both verbal and written) and customer engagement skills with experience in briefing corporate executives and professionals. - Familiarity with industry standards and frameworks (e.g., NIST CSF, ISO 27001, CIS Benchmarks, SOC 2). - Ability to read and interpret technical documentation and translate it into governance mandates. - Strong analytical and communication skills with the ability to translate complex security concepts into business language. - Experience performing system integration, system management, and configuring native controls in modern enterprise IT tooling. - Experience working with technical teams to implement and validate secure configurations. - Comfortable working in fast-paced, ambiguous, or evolving environments with a solution-oriented mindset. - Ability to balance governance rigor with creativity and adaptability in a business-centric approach. - Bachelor's Degree in an IT related field and/or equivalent work experience. Desired Characteristics: - Previous experience working in multiple large complex environments and specifically within the Governance, Risk, and Compliance functions. - Previous experience working in Governance, Risk, and Compliance functions in the media, entertainment, federal, and/or advanced technology industries. - Experience with other enterprise technologies (e.g., Active Directory/Azure AD, cloud platforms, configuration assessment tools) - Experience with GRC platforms (e.g., OneTrust, ServiceNow GRC, Archer). - Background working with legal, procurement, or privacy teams. - Industry certifications such as CRISC, CISA, CISSP, or technical certifications (e.g., Microsoft 365 Certified, AWS Security Specialist) are a plus. Additional Requirements: - Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence. This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $110,000 - $140,000 (bonus eligible) Additional Information As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing AccessibilitySupport@nbcuni.com. For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.