Overview

Senior Associate, Governance – Woodland Hills, 91367, United States of America 

How we LEAD:

We are seeking a strategic and experienced Senior Associate, Governance to assist leading cybersecurity compliance and governance initiatives in a fast-paced media and entertainment environment. This role is responsible for developing and managing enterprise security policies, managing security audit findings, governing exception requests, and ensuring alignment with the NIST Cybersecurity Framework and broader IT risk management principles.

The ideal candidate brings deep expertise in information security, preferably gained from a Big 4 consulting firm, and a proven track record in managing compliance programs that protect intellectual property, digital assets, and production environments while supporting creativity and operational flexibility.

How you’ll CREATE:

Policy & Standards Management

• Lead the design, implementation, and maintenance of security and cybersecurity policies and standards that safeguard high-value content, production workflows, artist collaboration tools, and digital distribution channels.

• Ensure all documentation aligns with NIST frameworks, regulatory requirements (e.g., GDPR, US SOX, and Euronext Amsterdam), and industry-specific best practices.

• Collaborate with security teams, content security, IT, cloud infrastructure teams, and affected business partners to ensure practical implementation across diverse environments.

Compliance & Findings Management

• Serve as the central point of contact for security audit activity (internal/external), including third-party assessments from content protection agencies or industry consortia.

• Track and manage remediation of security findings across a broad spectrum of assets and environments.

• Develop and maintain executive-ready reports and dashboards on security posture, trend analysis, and control maturity.

Exception & Risk Acceptance Governance

• Own the exception and risk acceptance process, balancing agility for creative and production teams with enterprise risk tolerance.

• Evaluate requests with a clear understanding of media industry constraints while ensuring risk documentation is thorough and accountable.

Cybersecurity Risk Management

• Identify and assess cybersecurity risks across UMG.

• Support enterprise risk management (ERM) efforts with cybersecurity expertise specific to media production lifecycles, IP leakage prevention, and regulatory compliance.

• Collaborate with security and IT operations teams to implement and test key controls, ensuring alignment with creative workflows.

Cybersecurity Program Development & Stakeholder Engagement

• Mature the cybersecurity compliance program roadmap in a way that enables secure innovation across UMG.

• Drive adoption of compliance tooling and processes across distributed and vendor-supported production environments.

Bring your VIBE:

Required

• Bachelor’s degree in Information Security, Information Systems, Cybersecurity, or related field.

• Minimum of 7 years of experience in IT Security Compliance or Risk Management, preferably within media/entertainment, digital content, or high-tech environments.

• Expertise in NIST CSF 2.0, NIST 800-53, and experience applying these frameworks in media industry settings.

• Proven success managing audit lifecycles, compliance exceptions, and enterprise-level security documentation.

• Familiarity with common media production technologies and cloud-based collaboration tools (e.g., Adobe Creative Cloud, Avid, AWS, Frame.io, etc.).

• Proficiency with GRC platforms (e.g., MetricStream, ServiceNow GRC, etc.).

Preferred

• Big 4 consulting experience in cybersecurity, risk, or compliance.

• Industry certifications such as CISSP, CISA, CISM, or CRISC.

• Knowledge of content protection standards and assessment frameworks (e.g., TPN, MPAA, CDSA).

• Experience supporting compliance in media-focused regulatory environments (e.g., COPPA, DMCA, GDPR).

 

Before you apply -
Register now and turn on alerts for jobs like this!

  • To apply for this position, receive job notifications and manage your applications, click "Register with Diversity Jobs Group".
  • To apply for this position without registering, click "Apply with Customer".

By registering you agree to our terms and conditions.

Apply with Customer

IMPORTANT: Before applying for this role, please make sure you have the right to work in the country where the role is based. Unless it clearly stipulates within in the job advert above that the hiring company is looking to or able to sponsor applicants it is deemed that the hiring employer will only consider applications from those able to comply with and work in the country where the role is based.