About the job
WMG’s top priority is the safety and wellbeing of its team members, artists and songwriters across the globe. In response to COVID-19, WMG is fully committed to helping its people balance their home and life commitments with flexible working options, virtual wellness sessions, and more. WMG strives to maintain a COVID-free workplace. To that end, being fully vaccinated against COVID-19 is a condition of employment for all US new employees, prior to the commencement of employment. If you are hired, you will be required to provide proof of your vaccination as part of your new employee onboarding process, subject to our legal obligation to make reasonable accommodations in certain limited circumstances.
Job Description
At Warner Music Group we’re all about our people. Our global company is made up of knowledgeable, passionate, and creative individuals. Our commitment to Diversity, Equity and Inclusion fosters a culture where you can truly belong, contribute, and grow. We believe in everyone’s value and encourage applications from people of any age, gender identity, sexual orientation, race, religion, ethnicity, disability, veteran status, and any other characteristic or identity.
It is the mission of every member of the WMG team around the world to create a nurturing environment for artists, songwriters, and the people behind the music – at every stage of their career. We strive to set WMG apart by embracing innovation – an integral part of our company‘s DNA.
Consider a career at WMG and be a part of one of the most influential forces in culture today.
Job Title: Enterprise SVP Security and PCI Compliance Lead
A Little Bit About Our Team
Global team of dynamic, creative and collaborative problems solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position in the IT organization. This position will be called upon to represent IT organizations by internal and external organizations. An individual in this position is responsible for establishing, overseeing, and coordinating security initiatives in partnership with IT and the business to implement the security program. This group is the digital thought and technology collective working with world class creative Media & Entertainment executives and their teams; acting as the trusted operators and strategic partners with them to deliver the best possible outcomes.
Why This Could Be Your Next Big Break
This is a global role that will sit within the global technology team and work across multiple verticals to bring security-oriented solutions and expertise to commerce operations across the globe. You will play a crucial role in the establishing, overseeing, and coordinating security initiatives in partnership with IT and the business and manage the translation of Payment Card Industry (“PCI”) security and compliance into business process strategy, planning, and operations. This role will provide opportunities for you to serve as the subject matter expert on PCI compliance within the security organization as well as other groups within Warner Music Group.
Here You’ll Get To
- Provide the vision and leadership needed to develop and execute the WMG information security strategy and roadmap.
- Provide annual report to executive leadership on risk posture and monitor the annual PCI Report on Compliance (ROC) with external QSA assessors and various business units. Develop, maintain, and enforce practical and actionable information security and PCI policies and standards that reflect the needs of WMG while keeping pace with changes in technology and security threats.
- Develop and maintain a highly qualified staff of information security experts and coordinate with enterprise groups (e.g., Enterprise Risk Management, Internal Audit) to structure assessment processes, evidence collection, and assessment templates, etc.
- Monitor risks identified during business unit level risk assessments and associated resolution plans and provide input into the information security risk profile and tolerance levels and prioritizes security risk and the investment necessary to mitigate those risks.
- Create and maintain security architecture for WMG and participate in the selection of secure solutions and processes.
- Develop security requirements for information technology infrastructure initiatives, selected systems and, as appropriate, reviews and approves security design of initiatives.
- Measure compliance with policy as part of assessing the overall security risk posture of WMG, and initiates programs to achieve and maintain an adequate security posture.
- Develop and maintain external and internal relationships to influence security policy, standards and programs and enhances secure interoperability with extended entities.
- Leverage information security investments to enhance the WMG brand, administration and compliance processes.
- Develop and employ an ongoing information security communications, training and awareness program tailored to the evolving needs of the requirements of WMG.
- Oversee PCI policy and standard exceptions; elevate risks to the Program Governance Team when necessary for exception and mitigating control tracking.
- Track and report on the PCI compliance status of each business unit and Corporate Function so that enterprise level compliance can be determined.
- Track and report on the remediation plans and timelines associated with PCI gaps in each business unit.
- Monitor changes to the PCI DSS and evaluate compliance status impact at WMG.
About You
- Minimum 8 years of experience in an information security management role with direct experience in PCI DSS, and auditing.
- Skilled in risk management, business risk analysis, and making complex business/risk trader-off recommendations and decisions.
- Strong understanding of the PCI DSS, payment processes, information security and the relationship between threat, vulnerability and information value in the context of risk management.
- Can scope cardholder data environments and evaluate those environments against the PCI DSS requirements.
- Experience documenting and executing PCI DSS Reports of Compliance and Self-Assessment Questionnaires.
- Experience executing remediation activities to achieve compliance with the PCI DSS.
- Experience aiding in the development and maintenance of the PCI DSS compliance program, identifying PCI compliance problems through testing and analysis of audit reports, and reviewing and interpreting new and pending PCI DSS requirements.
- Experience reviewing documentation and technical evidence to meet PCI DSS requirements
- Understanding and documenting complex branded payment acceptance and card servicing processes
- Staying current with new and evolving security topics and technologies via formal training and self-directed education
- Sharing knowledge and experiences with less experienced staff to help grow team talent bench through training and mentoring
- Technical and security audit and assessments; network security, application security
- Have a track record of developing and implementing a comprehensive strategy and plan for managing information security across a large and diverse organization.
- Can gather, analyse and interpret business drivers and develop practical security solutions that provide adequate security to support the business.
- Ability to build effective, cohesive and collaborative management team.
- Extensive experience building and managing a diverse and inclusive team environment with strong commitment to respect, equality and teaming.
- Strong ability to skilfully hire, develop, lead, motivate, performance manage and coach a cross-section of security and technology professionals and managers.
- Deep understanding of system relationships across the technology stack and the associated technical security risks.
It would be music to our ears if you also had:
- Related security control and compliance experience in various frameworks including PCI DSS, PCI PA-DSS, PCI PTS, NIST, ISO, etc.
- CISSP, CISA, CISM and/or other comparable security controls or audit certifications.
- Senior-level written and verbal communication skills.
- Excellent leadership, teamwork and collaboration skills.
- Experience working with third party service providers to ensure data is maintained in a secure and compliant manner.
- Knowledge of IT platforms, web, middleware, cloud services (IaaS, PaaS, SaaS), database, operating systems, infrastructure, routers, firewalls, virtualization, tokenization.
- Experience evaluating the use of compensating controls.
- Previous QSA or ISA experience.
About Us
With its broad and diverse roster of new stars and legendary artists, Warner Music Group is home to a collection of the best-known record labels in the music industry including Asylum, Atlantic, East West, Elektra, FFRR, Fuelled by Ramen, Nonesuch, Parlophone, Rhino, Roadrunner, Sire, Warner Records, Warner Classics and Warner Chappell Music, one of the world’s leading music publishers with a catalogue of more than one million copyrights worldwide.
For more than four decades, WMG has been an industry-leading force in providing a world-class array of services designed to help artists and labels grow their careers and their businesses. Artist & Label Services is the umbrella for WEA (Warner-Elektra-Atlantic) – the pioneering WEA distribution and marketing network – and Alternative Distribution Alliance (ADA) – the ground-breaking global distribution company for independent artists and labels.
Love this job and want to apply?
Click the “Apply” link at the top of the page or apply directly with your LinkedIn. Applying with LinkedIn will import all the information you put in your profile but will still allow you to upload a resume and cover letter.
Don’t be discouraged if you don’t hear from us right away. We’re taking our time to review all resumes, and to find the best people for WMG.
Thanks for your interest in working for WMG. We love it here, and think you will, too.
WMG is committed to inclusion and diversity in all aspects of our business. We are proud to be an equal opportunity workplace and will evaluate qualified applicants without regard to race, religious creed, color, age, sex, sexual orientation, gender, gender identity, gender expression, national origin, ancestry, marital status, medical condition as defined by state law (genetic characteristics or cancer), physical or mental disability, military service or veteran status, pregnancy, childbirth and related medical conditions, genetic information or any other characteristic protected by applicable federal, state or local law.
Copyright © 2021 Warner Music Inc.
More Information
- Address New York, NY, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 5-10