We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
How we LEAD:
We are seeking a strategic and experienced Senior Associate, Governance to assist leading cybersecurity compliance and governance initiatives in a fast-paced media and entertainment environment. This role is responsible for developing and managing enterprise security policies, managing security audit findings, governing exception requests, and ensuring alignment with the NIST Cybersecurity Framework and broader IT risk management principles.
The ideal candidate brings deep expertise in information security, preferably gained from a Big 4 consulting firm, and a proven track record in managing compliance programs that protect intellectual property, digital assets, and production environments while supporting creativity and operational flexibility.
How you’ll CREATE:
Policy & Standards Management
• Lead the design, implementation, and maintenance of security and cybersecurity policies and standards that safeguard high-value content, production workflows, artist collaboration tools, and digital distribution channels.
• Ensure all documentation aligns with NIST frameworks, regulatory requirements (e.g., GDPR, US SOX, and Euronext Amsterdam), and industry-specific best practices.
• Collaborate with security teams, content security, IT, cloud infrastructure teams, and affected business partners to ensure practical implementation across diverse environments.
Compliance & Findings Management
• Serve as the central point of contact for security audit activity (internal/external), including third-party assessments from content protection agencies or industry consortia.
• Track and manage remediation of security findings across a broad spectrum of assets and environments.
• Develop and maintain executive-ready reports and dashboards on security posture, trend analysis, and control maturity.
Exception & Risk Acceptance Governance
• Own the exception and risk acceptance process, balancing agility for creative and production teams with enterprise risk tolerance.
• Evaluate requests with a clear understanding of media industry constraints while ensuring risk documentation is thorough and accountable.
Cybersecurity Risk Management
• Identify and assess cybersecurity risks across UMG.
• Support enterprise risk management (ERM) efforts with cybersecurity expertise specific to media production lifecycles, IP leakage prevention, and regulatory compliance.
• Collaborate with security and IT operations teams to implement and test key controls, ensuring alignment with creative workflows.
Cybersecurity Program Development & Stakeholder Engagement
• Mature the cybersecurity compliance program roadmap in a way that enables secure innovation across UMG.
• Drive adoption of compliance tooling and processes across distributed and vendor-supported production environments.
Bring your VIBE:
Required
• Bachelor’s degree in Information Security, Information Systems, Cybersecurity, or related field.
• Minimum of 7 years of experience in IT Security Compliance or Risk Management, preferably within media/entertainment, digital content, or high-tech environments.
• Expertise in NIST CSF 2.0, NIST 800-53, and experience applying these frameworks in media industry settings.
• Proven success managing audit lifecycles, compliance exceptions, and enterprise-level security documentation.
• Familiarity with common media production technologies and cloud-based collaboration tools (e.g., Adobe Creative Cloud, Avid, AWS, Frame.io, etc.).
• Proficiency with GRC platforms (e.g., MetricStream, ServiceNow GRC, etc.).
Preferred
• Big 4 consulting experience in cybersecurity, risk, or compliance.
• Industry certifications such as CISSP, CISA, CISM, or CRISC.
• Knowledge of content protection standards and assessment frameworks (e.g., TPN, MPAA, CDSA).
• Experience supporting compliance in media-focused regulatory environments (e.g., COPPA, DMCA, GDPR).
Perks Playlist:
Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit
Comprehensive medical, dental, vision, and FSA options, as well as:
100% coverage for out-patient mental health services
Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
A lifetime fertility support allowance of $30,000 to plan participants
Student Loan Repayment Assistance and Tuition Reimbursement
100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation
Variety of ways to prioritize much-needed time away from work including:
Flexible Paid Time Off (PTO) for exempt employees
3-weeks PTO for non-exempt employees
2-weeks paid Winter Break
10 Company Holidays (including Juneteenth and Wellbeing Day)
Summer Fridays (between Memorial Day and Labor Day)
Generous paid parental leave for every type of parent
Check out our full overview of benefits on the Perks Playlist page of the career site.
Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.
Universal Music Group is an Equal Opportunity Employer
We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.
For more information, please click on the following links.
E-Verify Participation Poster: English / Spanish
E-Verify Right to Work Poster: English | Spanish
Salary Range:
$89,200.00 - $166,900.00The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.