At Warner Music Group we're all about our people. Our global company is made up of knowledgeable, passionate, and creative individuals. Our commitment to Diversity, Equity and Inclusion fosters a culture where you can truly belong, contribute, and grow. We believe in everyone's value and encourage applications from people of any age, gender identity, sexual orientation, race, religion, ethnicity, disability, veteran status, and any other characteristic or identity.
It is the mission of every member of the WMG team around the world to create a nurturing environment for artists, songwriters, and the people behind the music – at every stage of their career. We strive to set WMG apart by embracing innovation – an integral part of our company's DNA.
Consider a career at WMG and be a part of one of the most influential forces in culture today.
Job Title: Enterprise SVP Security and PCI Compliance Lead
A little bit about our team:
Global team of dynamic, creative and collaborative problems solvers working together to build highly secure and scalable solutions to drive innovation and operational excellence. This represents a technical and experienced position in the IT organization. This position will be called upon to represent IT organizations by internal and external organizations. An individual in this position is responsible for establishing, overseeing, and coordinating security initiatives in partnership with IT and the business to implement the security program. This group is the digital thought and technology collective working with world class creative Media & Entertainment executives and their teams; acting as the trusted operators and strategic partners with them to deliver the best possible outcomes.
Why this could be your next big break:
This is a global role that will sit within the global technology team and work across multiple verticals to bring security-oriented solutions and expertise to commerce operations across the globe. You will play a crucial role in the establishing, overseeing, and coordinating security initiatives in partnership with IT and the business and manage the translation of Payment Card Industry (''PCI'') security and compliance into business process strategy, planning, and operations. This role will provide opportunities for you to serve as the subject matter expert on PCI compliance within the security organization as well as other groups within Warner Music Group.
Here you'll get to:
• Provide the vision and leadership needed to develop and execute the WMG information security strategy and roadmap.
• Provide annual report to executive leadership on risk posture and monitor the annual PCI Report on Compliance (ROC) with external QSA assessors and various business units. Develop, maintain, and enforce practical and actionable information security and PCI policies and standards that reflect the needs of WMG while keeping pace with changes in technology and security threats.
• Develop and maintain a highly qualified staff of information security experts and coordinate with enterprise groups (e.g., Enterprise Risk Management, Internal Audit) to structure assessment processes, evidence collection, and assessment templates, etc.
• Monitor risks identified during business unit level risk assessments and associated resolution plans and provide input into the information security risk profile and tolerance levels and prioritizes security risk and the investment necessary to mitigate those risks.
• Create and maintain security architecture for WMG and participate in the selection of secure solutions and processes.
• Develop security requirements for information technology infrastructure initiatives, selected systems and, as appropriate, reviews and approves security design of initiatives.
• Measure compliance with policy as part of assessing the overall security risk posture of WMG, and initiates programs to achieve and maintain an adequate security posture.
• Develop and maintain external and internal relationships to influence security policy, standards and programs and enhances secure interoperability with extended entities.
• Leverage information security investments to enhance the WMG brand, administration and compliance processes.
• Develop and employ an ongoing information security communications, training and awareness program tailored to the evolving needs of the requirements of WMG.
• Oversee PCI policy and standard exceptions; elevate risks to the Program Governance Team when necessary for exception and mitigating control tracking.
• Track and report on the PCI compliance status of each business unit and Corporate Function so that enterprise level compliance can be determined.
• Track and report on the remediation plans and timelines associated with PCI gaps in each business unit.
• Monitor changes to the PCI DSS and evaluate compliance status impact at WMG.
• Minimum 8 years of experience in an information security management role with direct experience in PCI DSS, and auditing.
• Skilled in risk management, business risk analysis, and making complex business/risk trader-off recommendations and decisions.
• Strong understanding of the PCI DSS, payment processes, information security and the relationship between threat, vulnerability and information value in the context of risk management.
• Can scope cardholder data environments and evaluate those environments against the PCI DSS requirements.
• Experience documenting and executing PCI DSS Reports of Compliance and Self-Assessment Questionnaires.
• Experience executing remediation activities to achieve compliance with the PCI DSS.
• Experience aiding in the development and maintenance of the PCI DSS compliance program, identifying PCI compliance problems through testing and analysis of audit reports, and reviewing and interpreting new and pending PCI DSS requirements.
• Experience reviewing documentation and technical evidence to meet PCI DSS requirements
• Understanding and documenting complex branded payment acceptance and card servicing processes
• Staying current with new and evolving security topics and technologies via formal training and self-directed education
• Sharing knowledge and experiences with less experienced staff to help grow team talent bench through training and mentoring
• Technical and security audit and assessments; network security, application security
• Have a track record of developing and implementing a comprehensive strategy and plan for managing information security across a large and diverse organization.
• Can gather, analyse and interpret business drivers and develop practical security solutions that provide adequate security to support the business.
• Ability to build effective, cohesive and collaborative management team.
• Extensive experience building and managing a diverse and inclusive team environment with strong commitment to respect, equality and teaming.
• Strong ability to skilfully hire, develop, lead, motivate, performance manage and coach a cross-section of security and technology professionals and managers.
• Deep understanding of system relationships across the technology stack and the associated technical security risks.
It would be music to our ears if you also had:
• Related security control and compliance experience in various frameworks including PCI DSS, PCI PA-DSS, PCI PTS, NIST, ISO, etc.
• CISSP, CISA, CISM and/or other comparable security con
Jobcode: Reference SBJ-gke9q8-3-238-132-225-42 in your application.