-
IAM and Security Services Architect
- NBC Universal (Orlando, FL)
-
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.
Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.
The IAM and Security Services Architect will be a key member of the new Versant Cyber organization. This individual is responsible for design and leading enterprise-scale identity and security solutions. This role will define the architecture for IAM, IGA, PAM, PKI, and broader security services, while ensuring protection for applications, data, networks, and systems across cloud and on-prem environments.
RESPONSIBILITIES:
Key areas of focus for the IAM and Security Services Architect include delivering a comprehensive IAM and Security architecture and design strategy and guiding security engineering and operations, and modernizing architecture to stay ahead of new threats to the enterprise. The successful candidate will be responsible for the following activities:
+ Define IAM and security services architecture roadmap, standards, and reference models.
+ Architect identity solutions using Entra ID/Azure AD, Ping, Okta, CyberArk, SailPoint, and related tools.
+ Design authentication, SSO, federation, MFA, adaptive access, and privileged access solutions.
+ Integrate IAM with cloud providers (AWS, Azure, GCP) and enterprise SaaS applications.
+ Embed IAM and security services into DevSecOps pipelines and application development.
+ Define logging and monitoring standards for IAM and security events, integrating with SIEM platforms.
+ Architect solutions that secure applications, data, networks, and systems in hybrid environments.
+ Conduct security architecture reviews, threat modeling, and design assessments.
+ Partner with engineering and operations teams to deliver scalable, resilient security services.
+ Ensure compliance with regulatory frameworks (SOX, PCI, GDPR, CCPA, etc.).
+ 10+ years in cybersecurity, with 5+ years in IAM and security architecture.
+ Deep expertise in IAM platforms (Azure AD/Entra, Ping, Okta, SailPoint, CyberArk, etc.).
+ Strong experience in IGA, PAM, MFA, PKI, and identity lifecycle management.
+ Proven ability to design secure architectures for applications, data, networks, and systems.
+ Application security experience, including authentication/authorization, API security, SSO/MFA, microservices, and SaaS integration.
+ Data security experience, including encryption, key management, access control, data classification, and compliance alignment.
+ Network security expertise, including segmentation, firewall/IDS/IPS, VPNs, Zero Trust networking, and traffic monitoring.
+ Systems security knowledge, including endpoint hardening, privileged access, patching, baselining, and OS-level monitoring.
+ Hands-on knowledge of cloud IAM (AWS, Azure, GCP) and hybrid enterprise environments.
+ Experience with Zero Trust models and identity-driven access strategies.
+ Strong background in API security, certificate/key management, and service account governance.
+ Excellent communication, collaboration, and stakeholder influence skills.
DESIRED CHARACTERISTICS:
+ Previous experience working in multiple large complex environments and specifically within the Identity and/or Security Engineering components of those organizations.
+ Previous experience working in identity, security engineering, and/or information security functions in the media and advanced technology industries.
+ CISSP, CCSP, GIAC (GDSA/GSNA), Microsoft Identity Architect, or Ping Identity certifications.
+ Experience in media, technology, or large-scale digital platforms.
+ Background in automation, scripting, and DevSecOps practices.
+ Master’s Degree in an IT related field.
Additional Requirements:
+ Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-Versant worksite, most commonly an employee’s residence.
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page (https://www.nbcunicareers.com/benefits) of the Careers website. Salary range: $145,000 - $175,000 (bonus eligible)
We are accepting applications for this position on an ongoing basis.
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to [email protected].
Although you'll be hired as an NBCU employee, your employment and the responsibilities associated with this job likely will transition to Versant in the future. By joining at this pivotal time, you'll be a part of this exciting company as it takes shape.
-
Recent Jobs
-
IAM and Security Services Architect
- NBC Universal (Orlando, FL)
-
LINUX Sr Principal Systems Engineer - Active Top Secret Required
- General Dynamics Information Technology (Washington, DC)
-
Executive Administrative Assistant, CPWS - Southern California
- Southern Glazer's Wine and Spirits (Cerritos, CA)
-
AI Native Product Architect
- NTT America, Inc. (Plano, TX)