Senior Associate, Governance

Join to apply for the Senior Associate, Governance role at Universal Music Group
.

We are UMG, the Universal Music Group, the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

We are seeking a strategic and experienced Senior Associate, Governance to assist leading cybersecurity compliance and governance initiatives in a fast-paced media and entertainment environment. This role is responsible for developing and managing enterprise security policies, managing security audit findings, governing exception requests, and ensuring alignment with the NIST Cybersecurity Framework and broader IT risk management principles.

The ideal candidate brings deep expertise in information security, preferably gained from a Big 4 consulting firm, and a proven track record in managing compliance programs that protect intellectual property, digital assets, and production environments while supporting creativity and operational flexibility.

• Lead the design, implementation, and maintenance of security and cybersecurity policies and standards that safeguard high-value content, production workflows, artist collaboration tools, and digital distribution channels.
• Ensure all documentation aligns with NIST frameworks, regulatory requirements (e.g., GDPR, US SOX, and Euronext Amsterdam), and industry-specific best practices.
• Collaborate with security teams, content security, IT, cloud infrastructure teams, and affected business partners to ensure practical implementation across diverse environments.

• Serve as the central point of contact for security audit activity (internal/external), including third-party assessments from content protection agencies or industry consortia.
• Track and manage remediation of security findings across a broad spectrum of assets and environments.
• Develop and maintain executive-ready reports and dashboards on security posture, trend analysis, and control maturity.

• Own the exception and risk acceptance process, balancing agility for creative and production teams with enterprise risk tolerance.
• Evaluate requests with a clear understanding of media industry constraints while ensuring risk documentation is thorough and accountable.

• Identify and assess cybersecurity risks across UMG.
• Support enterprise risk management (ERM) efforts with cybersecurity expertise specific to media production life cycles, IP leakage prevention, and regulatory compliance.
• Collaborate with security and IT operations teams to implement and test key controls, ensuring alignment with creative workflows.

• Mature the cybersecurity compliance program roadmap in a way that enables secure innovation across UMG.
• Drive adoption of compliance tooling and processes across distributed and vendor-supported production environments.

• Bachelor’s degree in Information Security, Information Systems, Cybersecurity, or related field.
• Minimum of 7 years of experience in IT Security Compliance or Risk Management, preferably within media/entertainment, digital content, or high-tech environments.
• Expertise in NIST CSF 2.0, NIST 800-53, and experience applying these frameworks in media industry settings.
• Proven success managing audit life cycles, compliance exceptions, and enterprise-level security documentation.
• Familiarity with common media production technologies and cloud-based collaboration tools (e.g., Adobe Creative Cloud, Avid, AWS, Frame.io).
• Proficiency with GRC platforms (e.g., Metric Stream, Service Now GRC).

• Big 4 consulting experience in cybersecurity, risk, or compliance.
• Industry certifications such as CISSP, CISA, CISM, or…