NBC Universal
Director, Identity Governance & Directory Services
NBC Universal, Orlando, Florida, us, 32885
Director, Identity Governance & Directory Services
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world. Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The Director, Identity Governance and Directory Services will be a key member of the new Versant Cyber organization. This individual will lead the strategy and implementation of enterprise-wide identity lifecycle governance and access control capabilities. RESPONSIBILITIES: Lead the design, implementation, and governance of scalable access control mechanisms across enterprise platforms. Define and execute the enterprise IGA strategy, including joiner/mover/leaver processes, access request workflows, and identity lifecycle governance. Lead deployment, configuration, and operations of IGA platforms (e.g., SailPoint, Microsoft Entra ID). Oversee and streamline access certification and attestation campaigns across the enterprise. Establish and maintain role-based (RBAC) and attribute-based access control (ABAC) models to enable scalable, context-aware access decisions. Integrate IGA processes with HR systems, ServiceNow, and line-of-business applications for automated provisioning/deprovisioning. Define policies and standards for policy-as-code enforcement, ensuring compliance with security, privacy, and regulatory frameworks. Lead the strategy, design, and operations of enterprise directory services (e.g., Active Directory, Entra ID, LDAP) to support authentication, authorization, and federation. Ensure directory platforms are highly available, scalable, and integrated with modern identity services (SSO, MFA, PKI). Define and enforce directory and access management standards, including naming conventions, OU structures, and group hierarchies. Define and enforce policies for administrative tiering, privileged group management, and directory-level separation of duties. Oversee directory hygiene, schema management, synchronization, and federation across hybrid and multi-cloud environments. Partner with platform, cloud, and DevOps teams to embed directory and identity services into CI/CD, automation, and DevSecOps processes. Promote a culture of diversity, inclusion, collaboration, and continuous improvement within the access governance domain. QUALIFICATIONS: 8+ years in cybersecurity or IAM, with at least 5 years focused on access control, authorization architecture, or identity governance. Deep experience with authorization concepts such as RBAC, ABAC, PBAC, entitlements, and policy-as-code systems. Proficiency with identity systems and cloud authorization frameworks in AWS, Azure, and hybrid environments. Strong understanding of Zero Trust principles and practical access control implementation at scale. Strong leadership skills, social and business acumen, and proven results working with leaders across organizational and business lines to solve complex problems. Experience providing direct support and input to business executives and taking a lead role in driving the strategic direction of the organization’s mission. Bachelor’s Degree in an IT related field and/or equivalent work experience. DESIRED CHARACTERISTICS: Previous experience working in multiple large complex environments and specifically within the Identity and/or Security Engineering components of those organizations. Previous experience working in identity, security engineering, and/or information security functions in the media and advanced technology industries. Master’s Degree in an IT related field. Familiarity with core identity functions within media or broadcast environments, particularly where dynamic access to content and infrastructure is required. Experience with platforms for fine-grained access control platforms or other conceptual models (e.g. MAC for trusted solutions) Certifications such as CISSP, Azure Identity Architect, AWS Security Specialty, or GIAC IAM (GIAC-IAM). NBCUniversal is an equal opportunity employer and offers a competitive salary range of $150,000 - $200,000, as well as a comprehensive benefits package, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. We are an equal employment opportunity employer and welcome applications from diverse candidates. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation. We will consider for employment qualified applicants with criminal histories, consistent with applicable law.
#J-18808-Ljbffr
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world. Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The Director, Identity Governance and Directory Services will be a key member of the new Versant Cyber organization. This individual will lead the strategy and implementation of enterprise-wide identity lifecycle governance and access control capabilities. RESPONSIBILITIES: Lead the design, implementation, and governance of scalable access control mechanisms across enterprise platforms. Define and execute the enterprise IGA strategy, including joiner/mover/leaver processes, access request workflows, and identity lifecycle governance. Lead deployment, configuration, and operations of IGA platforms (e.g., SailPoint, Microsoft Entra ID). Oversee and streamline access certification and attestation campaigns across the enterprise. Establish and maintain role-based (RBAC) and attribute-based access control (ABAC) models to enable scalable, context-aware access decisions. Integrate IGA processes with HR systems, ServiceNow, and line-of-business applications for automated provisioning/deprovisioning. Define policies and standards for policy-as-code enforcement, ensuring compliance with security, privacy, and regulatory frameworks. Lead the strategy, design, and operations of enterprise directory services (e.g., Active Directory, Entra ID, LDAP) to support authentication, authorization, and federation. Ensure directory platforms are highly available, scalable, and integrated with modern identity services (SSO, MFA, PKI). Define and enforce directory and access management standards, including naming conventions, OU structures, and group hierarchies. Define and enforce policies for administrative tiering, privileged group management, and directory-level separation of duties. Oversee directory hygiene, schema management, synchronization, and federation across hybrid and multi-cloud environments. Partner with platform, cloud, and DevOps teams to embed directory and identity services into CI/CD, automation, and DevSecOps processes. Promote a culture of diversity, inclusion, collaboration, and continuous improvement within the access governance domain. QUALIFICATIONS: 8+ years in cybersecurity or IAM, with at least 5 years focused on access control, authorization architecture, or identity governance. Deep experience with authorization concepts such as RBAC, ABAC, PBAC, entitlements, and policy-as-code systems. Proficiency with identity systems and cloud authorization frameworks in AWS, Azure, and hybrid environments. Strong understanding of Zero Trust principles and practical access control implementation at scale. Strong leadership skills, social and business acumen, and proven results working with leaders across organizational and business lines to solve complex problems. Experience providing direct support and input to business executives and taking a lead role in driving the strategic direction of the organization’s mission. Bachelor’s Degree in an IT related field and/or equivalent work experience. DESIRED CHARACTERISTICS: Previous experience working in multiple large complex environments and specifically within the Identity and/or Security Engineering components of those organizations. Previous experience working in identity, security engineering, and/or information security functions in the media and advanced technology industries. Master’s Degree in an IT related field. Familiarity with core identity functions within media or broadcast environments, particularly where dynamic access to content and infrastructure is required. Experience with platforms for fine-grained access control platforms or other conceptual models (e.g. MAC for trusted solutions) Certifications such as CISSP, Azure Identity Architect, AWS Security Specialty, or GIAC IAM (GIAC-IAM). NBCUniversal is an equal opportunity employer and offers a competitive salary range of $150,000 - $200,000, as well as a comprehensive benefits package, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. We are an equal employment opportunity employer and welcome applications from diverse candidates. If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation. We will consider for employment qualified applicants with criminal histories, consistent with applicable law.
#J-18808-Ljbffr