Cyber GRC Analyst

Cyber GRC Analyst at Warner Music Group

At Warner Music Group, we're a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. Here, we turn dreams into stardom and audiences into fans. We are guided by three core values that underpin everything we do across all our diverse businesses:

• Curiosity: We do our best work when we’re immersing ourselves in culture and breaking through barriers. Curiosity is the driving force behind creativity and ingenuity. It fuels innovation, and innovation is the key to our future.
• Collaboration: Making music and bringing it to the world is all about the power of originality amplified by teamwork. A great idea, like a great song, travels globally. We ignite passions and build connections across our diverse community of artists, songwriters, partners, and fans.
• Commitment: We pursue excellence for our team and our talent. Everything in music starts with a leap into the unknown, and we’re committed to keeping the faith, acting with integrity, and delivering on our promises.

Technology is one of the most important parts of our business. Whether it’s signing up new artists; ensuring we provide the right data to Spotify, YouTube, and other digital service providers; or helping artists use the latest AI tools and make thoughtful decisions with data-driven insights – technology plays an invaluable role in our success. The engineering team at Warner Music Group makes all of it a reality.

WMG is home to a wide range of artists, musicians, and songwriters that fuel our success. That is why we are committed to creating a work environment that actively values, appreciates, and respects everyone. We encourage applications from people with a wide variety of backgrounds and experiences.

Consider a career at WMG and get the best of both worlds – an innovative global music company that retains the creative spirit of a nimble independent.

A Little Bit About Our Team

We are a global team of dynamic, creative, and collaborative problem solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position within the IT organization. This position will be called upon to represent IT organizations by internal and external organizations. An individual in this position is responsible for making the production systems more reliable by performing day-to-day operations including system monitoring, troubleshooting, problem identification, and resolution following established and documented procedures and with minimal direction. This group is the digital thought and technology collective working with world-class creative Media & Entertainment executives and their teams; acting as trusted operators and strategic partners with them to deliver the best possible outcomes.

Your Role

This is an opportunity to move the needle and make a significant impact within a large global enterprise. Responsibilities include coordinating projects and resources as new business offerings and technologies are developed and implemented within Warner Music Group. This role requires excellent communication and technical skills, while working closely with all business units within Warner Music Group in determining design criteria and proof of concept as they relate to each business offering. Other functionalities include acting as an engineering liaison to outside engineering entities, project budget management, and vendor management. You will collaborate, design, and implement ideas with business leaders from whiteboard to digital delivery and be a true partner with our business leaders. Recognize that as a Service Organization we’re there to partner and steward the organization to operate efficiently, drive revenue, and manage risk.

Here You’ll Get To

• Perform GRC functions and maintain the Cyber Security Risk register to ensure risks are known and well documented with established resolutions.
• Execute third-party risk processes for cyber.
• Perform/execute on awareness programs and phishing processes.
• Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data.
• Review all existing and new security technologies, tools, and services, and make recommendations to the broader infrastructure team.
• Participate in and lead information security related incident response activities.
• Document and oversee policy maintenance and creation.
• Assist in developing and maintaining a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
• Monitor and report on vulnerability remediation timelines, ensuring business units adhere to established SLAs (Service Level Agreements).
• Stay abreast of information security events, news, trends, and evolving legislative/regulatory changes.

About You

Skills required to create and execute a third-party risk program:

• Direct experience managing and working with Security Operations Centers.
• Experience defining and tracking Key Performance Indicators (KPIs) for vulnerability management and patch compliance.
• Direct, hands-on experience or a strong working knowledge of GRC and Security awareness tools.
• Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.

We’d Love It If You Also Had:

Regulations, Standards, and Frameworks:

• Payment Card Industry Data Security Standard (PCI-DSS)
• Sarbanes-Oxley
• General Data Protection Regulation (GDPR)
• NIST Cybersecurity Framework (CSF)

Key skills/competency

• GRC
• Cyber Security Risk Management
• Third-Party Risk Assessment
• Vulnerability Management
• Incident Response Leadership
• Security Policy Development
• Security Architecture
• PCI-DSS
• GDPR
• NIST CSF