Senior Associate, Governance

We are UMG the Universal Music Group. We are the worlds leading music everything we do we are committed to artistry innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music music publishing merchandising and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters and we produce distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

How we LEAD:

We are seeking a strategic and experienced Senior Associate Governance to assist leading cybersecurity compliance and governance initiatives in a fast-paced media and entertainment environment. This role is responsible for developing and managing enterprise security policies managing security audit findings governing exception requests and ensuring alignment with the NIST Cybersecurity Framework and broader IT risk management principles.

The ideal candidate brings deep expertise in information security preferably gained from a Big 4 consulting firm and a proven track record in managing compliance programs that protect intellectual property digital assets and production environments while supporting creativity and operational flexibility.

How youll CREATE:

Policy & Standards Management

Lead the design implementation and maintenance of security and cybersecurity policies and standards that safeguard high-value content production workflows artist collaboration tools and digital distribution channels.

Ensure all documentation aligns with NIST frameworks regulatory requirements (e.g. GDPR US SOX and Euronext Amsterdam) and industry-specific best practices.

Collaborate with security teams content security IT cloud infrastructure teams and affected business partners to ensure practical implementation across diverse environments.

Compliance & Findings Management

Serve as the central point of contact for security audit activity (internal/external) including third-party assessments from content protection agencies or industry consortia.

Track and manage remediation of security findings across a broad spectrum of assets and environments.

Develop and maintain executive-ready reports and dashboards on security posture trend analysis and control maturity.

Exception & Risk Acceptance Governance

Own the exception and risk acceptance process balancing agility for creative and production teams with enterprise risk tolerance.

Evaluate requests with a clear understanding of media industry constraints while ensuring risk documentation is thorough and accountable.

Cybersecurity Risk Management

Identify and assess cybersecurity risks across UMG.

Support enterprise risk management (ERM) efforts with cybersecurity expertise specific to media production lifecycles IP leakage prevention and regulatory compliance.

Collaborate with security and IT operations teams to implement and test key controls ensuring alignment with creative workflows.

Cybersecurity Program Development & Stakeholder Engagement

Mature the cybersecurity compliance program roadmap in a way that enables secure innovation across UMG.

Drive adoption of compliance tooling and processes across distributed and vendor-supported production environments.

Bring your VIBE:

Required

Bachelors degree in Information Security Information Systems Cybersecurity or related field.

Minimum of 7 years of experience in IT Security Compliance or Risk Management preferably within media/entertainment digital content or high-tech environments.

Expertise in NIST CSF 2.0 NIST 800-53 and experience applying these frameworks in media industry settings.

Proven success managing audit lifecycles compliance exceptions and enterprise-level security documentation.

Familiarity with common media production technologies and cloud-based collaboration tools (e.g.Adobe Creative Cloud Avid AWS etc.).

Proficiency with GRC platforms (e.g. MetricStream ServiceNow GRC etc.).

Preferred

Big 4 consulting experience in cybersecurity risk or compliance.

Industry certifications such as CISSP CISA CISM or CRISC.

Knowledge of content protection standards and assessment frameworks (e.g. TPN MPAA CDSA).

Experience supporting compliance in media-focused regulatory environments (e.g. COPPA DMCA GDPR).

Perks Playlist:

Join an entrepreneurial global organization where authenticity boldness creativity connection drive and insight arent just valuestheyre how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

• Comprehensive medical dental and vision coverage

• Including 100% coverage for out-patient in-network mental health services

• Fertility coverage for eligible medical plan participants

• Wellbeing reimbursements for fitness classes spa treatments meal services travel and so much more (up to $720/year)

• Student Loan Repayment Assistance and Tuition Reimbursement

• 401(k) with 100% immediate vesting on the first 5% of your contributions plus an additional UMG contribution

A variety of ways to prioritize much-needed time away from work including:

• Flexible Paid Time Off (PTO) for exempt employees

• 3-weeks PTO for non-exempt employees

• 2-weeks paid Winter Break

• 10 Company Holidays (including Juneteenth and Wellbeing Day)

• Summer Fridays (between Memorial Day and Labor Day)

• Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama Arizona Georgia Mississippi North Carolina South Carolina Tennessee and Utah.

For more information please click on the following links.

E-Verify Participation Poster:English / Spanish

E-Verify Right to Work Poster:EnglishSpanish

Job Category:

Salary Range:

The actual base salary offered depends on a variety of factors which may include as applicable the qualifications of the individual applicant for the position years of relevant experience specific and unique skills level of education attained certifications or other professional licenses held and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.