General Risk Controls Cyber Executive

This is a Full Time Job

General Risk Controls Cyber Executive

A little bit about our team:

Global team of dynamic, creative and collaborative problems solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position in the IT organization. This position will be called upon to represent IT organizations by internal and external organizations. An individual in this position is responsible for making the production systems more reliable by performing day-to-day operations including system monitoring, troubleshooting, problem identification, resolution and restoral following established and documented procedures and with minimal direction. This group is the digital thought and technology collective working with world class creative Media & Entertainment executives and their teams; acting as the trusted operators and strategic partners with them to deliver the best possible outcomes.

Your role:

This is an opportunity to move the needle and make a significant impact within a large global enterprise. Responsibilities include coordinating projects and resources as new business offerings and technologies are developed and implemented within Warner Music Group. Requires excellent communication and technical skills, while working closely with all business units within Warner Music Group in determining design criteria and proof of concept as they relate to each business offering. Collaborate, design and implement ideas with business leaders from whiteboard to digital delivery and be a true partner with our business leaders. Recognize that as a Service Organization we're there to partner and steward the organization to operate efficiency, drive revenue and manage risk.

Here you'll get to:
• Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Develop security strategy plans and roadmaps
• Participate in application and infrastructure projects to provide security-planning advice
• Create and enhance OKR process for cyber
• Create and maintain a metrics dashboard
• Create and run a global awareness program including phishing exercises
• Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data
• Review all existing and new security technologies, tools and services, and make recommendations to the broader infrastructure team
• Ensure incident simulations are executed at the executive level to ensure processes are enhanced and teams are aware
• Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle
• Participate in all information security related incident response activities
• Stay abreast of information security events, news, trends and evolving legislative/regulatory changes

About you:

10+ years previous hands-on cyber experience running GRC functions:
• Direct experience managing and working with MSSP (managed security service providers)
• Experience starting and executing first line risk function
• Prior direct experience in running PCI compliance programs
• Awareness and knowledge of cyber insurance programs

We'd love it if you also had:
• Regulations, Standards and Frameworks
• Sarbanes-Oxley
• General Data Protection Regulation (GDPR)
• NIST Cybersecurity Framework (CSF)



Don't be discouraged if you don't hear from us right away. We're taking our time to review all resumes, and to find the best people for WMG.

Thanks for your interest in working for WMG. We love it here, and think you will, too.

#LI-Hybrid

Salary Range
$200,000-$280,000

Salary ranges are included for job postings where requir