Vice President - Identity and Application Security

Full Time Job
Description

How we LEAD:

Universal Music Group is looking for a Vice President of Identity and Application Security to join its growing organization. It's a challenging position that requires a strong background in Information Security practice, deep knowledge of Information Security standards, best practices, technologies and processes, as well as solid communication and organization skills.

The successful candidate will be a critical member of the security leadership team and will assume leadership of the teams responsible for executing projects and tasks associated with IAM and Application Security. This includes identity provisioning, de-provisioning, role-based access control & governance, authorization, risk (both internal and external) based authentication, federation, and privileged access management services across all technology layers. The candidate will also act as a trusted assessor and risk advisor for the application development teams with expertise in application security and penetration testing.

How you’ll CREATE:
• Demonstrate thoughtful leadership and ownership of the Identity and Application Security landscape and its associated programs, including Identity & Access Management and application security.
• Source, hire, lead and motivate the global team responsible for security and identity driving productivity, performance, adherence to process, and alignment with department and company goal.
• Oversee the development, planning, and implementation of a strategy and roadmap for evolving identity services in conjunction with the overall security vision that strives continually to improve the security posture of the business.
• Create, maintain and align company's Information Security policies and standards with industry best practices and business needs.
• Ensure solutions adhere to Information Security policies and standards and that Information Security is appropriately embedded as and when needed.
• Manage the successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders.
• Advocate and spearhead successful adoption of security solutions.
• Engage directly with stakeholders to understand needs, validate priorities, and integrate in the business development process.
• Analyze and present threat modeling and security assessments for an executive audience.
• Focus on critical balance between security and usability; empathize, anticipate and solve for end-user pain points.
• Experience managing multiple teams and enterprise initiatives, both directly and in a matrix environment.
• Manage project and operational budgets; providing clear estimates and forecasts.

Bring your VIBE:

Desired Competencies
• Thinking with a ''Security first and from the ground up'' mindset.
• A process-driven approach to managing security controls and customer touchpoints.
• Knowledge of and experience with current and emerging Identity and application security technologies.
• Understanding of new developments in Data Science field that includes AI/ML to constantly asses real-time risk and take preemptive/proactive actions.
• Strong knowledge of Access Management business processes/workflows, and associated tools (ServiceNow).
• Experience managing Offshore vendor and people.
• Strong knowledge of regulatory standards that govern Information Security practices such as GDPR, SOX, PCI, and state and federal privacy laws.
• Strong knowledge of best practice standards that govern Information Security such as ISO, NIST and SANS.
• Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
• Strong presentation skills involving large and of varying IT background audiences.
• Proven ability to work within a large enterprise that spans multiple continents is governed by change management and has a tiered support model.
• Proven ability to execute projects and initiatives within schedule and budget.

Qualifications

• Master's Degree in Computer Science, Information Security, Management Information Systems, or equivalent work experience acceptable.
• 10 years’ experience in Information Security or Information Technology; 8 years of the proven work history of providing Identity/Access/Security solutions to a global enterprise.
• Strong experience in Identity Lifecycle Management System and Federation services solutions, both on-premise and cloud-based.
• Experience designing and implementing security tools and services at enterprise-scale.
• Understand the essentials of cryptography, operating systems, network security, application security as well as Network and application Penetration Testing.
• Understanding of security of web applications, thick-client applications, RESTful web services, virtualization, docker, Kubernetes, etc.
• Comfortable engaging in deep technical discussions while keeping a strategic view and staying focused on key goals.
• Strong interpersonal skills with the capability to effectively communicate to non-technical decision-makers as required.
• High energy level and flexibility to meet a variety of demands while producing excellent work at an accelerated pace.
• Highly motivated and willing to take on challenges and able to work independently with minimal oversight.
• Travel may be required depending on business needs.

Perks Playlist:
• Competitive Compensation Package including Salary, Benefits and Generous 401k Savings Plan
• Paid Time Off – Paid Holidays, “Gift Week”, Summer Fridays
• Student Loan Repayment Assistance
• Employee Developmental Support
• Annual Gym Reimbursement Package
• Pet Insurance, plus much more!

Universal Music Group is an Equal Opportunity Employer.