Cyber GRC Analyst

At Warner Music Group, we’re a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. Here, we turn dreams into stardom and audiences into fans. We are guided by three core values that underpin everything we do across all our diverse businesses:    • Curiosity: We do our best work when we’re immersing ourselves in culture and breaking through barriers. Curiosity is the driving force behind creativity and ingenuity. It fuels innovation, and innovation is the key to our future.  • Collaboration: Making music and bringing it to the world is all about the power of originality amplified by teamwork. A great idea, like a great song, travels globally. We ignite passions and build connections across our diverse community of artists, songwriters, partners, and fans. • Commitment: We pursue excellence for our team and our talent. Everything in music starts with a leap into the unknown, and we’re committed to keeping the faith, acting with integrity, and delivering on our promises. Technology is one of the most important parts of our business. Whether it’s signing up new artists; ensuring we provide the right data to Spotify, YouTube, and other digital service providers; or helping artists use the latest AI tools and make thoughtful decisions with data-driven insights – technology plays an invaluable role in our success. The engineering team at Warner Music Group makes all of it a reality.  WMG is home to a wide range of artists, musicians, and songwriters that fuel our success. That is why we are committed to creating a work environment that actively values, appreciates, and respects everyone. We encourage applications from people with a wide variety of backgrounds and experiences. Consider a career at WMG and get the best of both worlds – an innovative global music company that retains the creative spirit of a nimble independent. A little bit about our team: Global team of dynamic, creative and collaborative problems solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position in the IT organization.  This position will be called upon to represent IT organizations by internal and external organizations.  An individual in this position is responsible for making the production systems more reliable by performing day-to-day operations including system monitoring, troubleshooting, problem identification and resolution following established and documented procedures and with minimal direction. This group is the digital thought and technology collective working with world class creative Media & Entertainment executives and their teams; acting as the trusted operators and strategic partners with them to deliver the best possible outcomes. Your role: This is an opportunity to move the needle and make a significant impact within a large global enterprise. Responsibilities include coordinating projects and resources as new business offerings and technologies are developed and implemented within Warner Music Group. Requires excellent communication and technical skills, while working closely with all business units within Warner Music Group in determining design criteria and proof of concept as they relate to each business offering. Other functionality includes acting as engineering liaison to outside engineering entities, project budget management, and vendor management. Collaborate, design and implement ideas with business leaders from whiteboard to digital delivery and be a true partner with our business leaders. Recognize that as a Service Organization we’re there to partner and steward the organization to operate efficiency, drive revenue and manage risk. Here you’ll get to:

Perform GRC functions and maintain the Cyber Security Risk register to ensure risks are known and well documented with established resolutions.

Execute third party risk processes for cyber

Perform/execute on awareness programs and phishing processes

Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data

Review all existing and new security technologies, tools and services, and make recommendations to the broader infrastructure team

Participate in and lead information security related incident response activities

Document and oversee policy maintenance and creation

Assist in developing and maintaining a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers

Monitor and report on vulnerability remediation timelines, ensuring business units adhere to established SLAs (Service Level Agreements).

Stay abreast of information security events, news, trends and evolving legislative/regulatory changes 

About you:

Skills required to create and execute a third party risk program

Direct experience managing and working with Security Operations Centers

Experience defining and tracking Key Performance Indicators (KPIs) for vulnerability management and patch compliance.

Direct, hands-on experience or a strong working knowledge of GRC and Security awareness tools

Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services

We’d love it if you also had:

Regulations, Standards and Frameworks

Payment Card Industry Data Security Standard (PCI-DSS)

Sarbanes-Oxley

General Data Protection Regulation (GDPR)

NIST Cybersecurity Framework (CSF)