Company Description NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our global theme park destinations, consumer products, and experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, NBC Sports, Telemundo, NBC Local Stations, Bravo, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through our powerhouse film and television studios, including Universal Pictures, DreamWorks Animation, and Focus Features, and the four global television studios under the Universal Studio Group banner, and operate industry-leading theme parks and experiences around the world through Universal Destinations & Experiences, including Universal Orlando Resort, home to Universal Epic Universe, and Universal Studios Hollywood. NBCUniversal is a subsidiary of Comcast Corporation. Visit www.nbcuniversal.com for more information. Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world. Job Description NBCUniversal is seeking an experienced Governance, Risk, and Compliance (GRC) Analyst to support various functions within the Security Assurance - Governance team. The ideal candidate will have a strong understanding of cybersecurity, vendor contracts, negotiation of third party security standards, and the ability support additional governance functions like 3rd Party Security Reviews. Responsibilities: - Collaborate with business leadership, Legal, Procurement, and Cyber to review terms and conditions, ensuring vendor and client obligations are aligned with internal cyber controls - Undertake research as needed when control or regulatory questions arise - Track status of risk remediations in the risk register with business stakeholders - Monitor completeness and sustainability of remediation efforts - Educate and raise awareness on risks and controls - Contribute to overall program enhancements and drive automation with various IT and Cybersecurity stakeholders - Contribute to enterprise IT Risk and Control awareness efforts - Maintain deep understanding of organization wide objectives, interactions, issues and risks - Stay abreast of current and emerging information risks, including current or proposed cyber legislation or control frameworks - Perform other related duties and special projects, as assigned, to support evolving GRC and cybersecurity program needs Qualifications Requirements: - Bachelor's degree or equivalent experience. - Minimum of 2 years of experience in IT Governance, Risk or Compliance functions - Knowledge of IT Risk Frameworks such as NIST, ISO, CSA, PCI, etc. - Knowledge of contracting lifecycle - Ability to work independently and in cross functional teams - Strong analytic skills for problem analysis and resolution - Experience in process management systems like Jira, Azure DevBoards, ServiceNow - Experience with the MS office suite - Excel, PowerPoint, Word etc - Strong written/verbal communication and organizational skills Desired Characteristics: - Ability to prioritize activities based on business criticality, audits, threats, vulnerabilities, and regulatory requirements. - Experience supporting enterprise-wide technology initiatives and creating a risk-aware culture. - Ability to understand the big picture by aligning activities to business objectives and partnering with other IT GRC functions to align strategies and enterprise priorities. - Industry certifications such as CRISC or CISA are a plus. Additional Requirements: - Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence. This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $65,000 - $85,000 Additional Information As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing AccessibilitySupport@nbcuni.com. For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.

• Triage and investigate security alerts across endpoints, identity systems, cloud environments, and production workloads. • Support response efforts for a range of security investigations, including account compromise, endpoint activity, and suspicious behavior in cloud, CI/CD, or production systems. • Collect and analyze relevant data (e.g., logs, system activity) to help scope incidents, identify impacted systems, and track activity across environments. • Escalate higher-risk or unclear activity, and support senior team members in ongoing investigations. • Execute containment or remediation actions as directed, and document findings clearly throughout the investigation lifecycle. • Support vulnerability and posture management efforts by validating findings and helping track remediation activities.

Role Description HealthPartners is hiring a Principal Epic Security IT Analyst. This position leads the coordination of Epic access activities across modules, care delivery groups, and the HealthPartners system. This role ensures the effective deployment of Epic security management by: - Maintaining strong access controls - Conducting security reviews for application releases and upgrades - Supporting the integration of security standards across Epic modules In addition, this position provides guidance to IT Security Administration staff on Epic provisioning practices and is responsible for documenting and maintaining provisioning processes. The role is instrumental to the Security Administration team’s oversight and management of Epic, primarily working with the various Epic security teams across HealthPartners, including Epic Core. It serves as the primary subject matter expert for Epic security, facilitates Epic Liaison meetings, and promotes knowledge sharing across internal teams and stakeholders. This position reports to the Manager, IT Security Administration, and joins a collaborative team of fourteen professionals, including administrators and analysts, focused on safeguarding access and security across the Epic environment. Qualifications - Bachelor’s degree or equivalent combination of education and work experience - Eight (8) years of experience in application security administration - Current Epic Security Coordinator certification - Current Epic SER badge certification - Proven troubleshooting and analytical skills - Project coordination experience - Strong negotiation and arbitration skills - Effective communication skills across varying technical aptitudes and hierarchies - Strong experience coordinating and facilitating change management - Working knowledge of compliance and security frameworks - Demonstrated writing and documentation skills - Expert-level knowledge and skill in provisioning access to information assets Requirements - Ten or more (10+) years of experience with Epic Security Administration (preferred) - Experience working with Identity and Access Management (IAM) tools and processes (preferred) Responsibilities - Leads coordination efforts around Epic EMP and SER master files - Consults with IT and non-IT Epic support teams to facilitate and coordinate security integration across Epic modules and Care Delivery groups - Instrumental in designing, creating, and implementing security classes, roles, profiles, menus, and templates - Provides thought leadership in the integration of Epic security practices across the enterprise - Assesses Epic access issues, troubleshooting access incidents and correcting provisioning or Epic Module integration issues - Reviews and analyzes Epic releases and upgrades; ensuring that HealthPartners takes full advantage of new security functionality - Ensures controlled change management for template or other key security functionality changes - Aligns reporting needs for access to Business Partners’ needs and application ownership - Leads efforts in partnership with IT application or technical teams when system changes or enhancements may require security administration utilities - Provides expert administration of user access to systems maintained by the IT Security Administration group - Advises Business partners on security policies and security administration best practices - Produces and maintains Security Administration Procedures for Epic-related access, forms, and documentation - Leads Security Administration efforts to provide evidence for audits and compliance reviews - Consult with IT Security and mobility teams to influence best practices as they relate to remote access capabilities to Epic applications and modules - Maintains knowledge of Epic including Nova release notes, User Forum, Galaxy, and other documentation published through the Epic User Web Benefits - Comprehensive range of benefits to support every aspect of your life, including health, time off, retirement planning, and continuous learning opportunities - Commitment to nurturing diverse talents and supporting work-life balance - Goal to help you thrive physically, mentally, emotionally, and financially Company Description At HealthPartners we believe in the power of good – good deeds and good people working together. As part of our team, you’ll find an inclusive environment that encourages new ways of thinking, celebrates differences, and recognizes hard work. We’re a nonprofit, integrated health care organization, providing health insurance in six states and high-quality care at more than 90 locations, including hospitals and clinics in Minnesota and Wisconsin. We bring together research and education through HealthPartners Institute, training medical professionals across the region and conducting innovative research that improves lives around the world. At HealthPartners, everyone is welcome, included and valued. We’re working together to increase diversity and inclusion in our workplace, advance health equity in care and coverage, and partner with the community as advocates for change.

• Manage identified cybersecurity risks through established risk management tools and processes spanning applications, infrastructure, and business operations. • Collaborate with product, engineering, and business teams to advance security initiatives and integrate security requirements into proposed solutions. • Prepare and deliver the weekly report on security vulnerabilities and identified risks to the business and stakeholders, ensuring timely remediation efforts. • Monitor, analyze, and report on key security metrics , issues, and remediation activities utilizing Excel and other relevant reporting platforms. • Support the organization’s migration to "Secure Flow" (paved path) in partnership with Cybersecurity, IT Developers, and business stakeholders. • Promote awareness of security policies, standards, procedures, and playbooks among business partners to ensure comprehensive adherence from project initiation. • Investigate findings and exceptions, coordinating resolution efforts with Cybersecurity, IT Developers, and business stakeholders. • Assist with third-party/vendor security assessments and risk reviews as required . • Provide customer-focused assistance to internal partners by clearly communicating security requirements, associated risks, and recommended actions in an accessible and business-oriented manner. • 30% Analysis - Perform data gathering, synthesis, and develop solutions; Leverage department standards to achieve results • 30% Collaborate - Partner with teams to identify trends and resolve problems • 40% Drive Execution - Evaluate information and provide recommendations based on findings