Senior Director, Global Application and Product Security

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
 

How you’ll LEAD

Our team is looking for a Sr. Director, Global Application and Product Security responsible for overseeing the security of software applications within the organization, ensuring they are designed, developed, configured, and maintained with the highest security standards.

The Sr. Director, Application and Product Security is responsible for leading the strategy, implementation, and management of security practices across the software development lifecycle (SDLC). This position ensures that all applications, whether developed internally or by third parties, follow sound security practices and meet the company’s security policy and compliance requirements.

The role involves building close working relationships with business leadership, software development teams, security engineers, IT, and management to minimize risks and ensure the safe operation of software applications.

We take security very seriously, and protecting our customers is our highest priority.  If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.

In addition to having strong technical skills, you must be comfortable in effectively communicating with business leadership, our software development community, technical IT teams, and business partners, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE

• Develop and lead the application and product security strategy, integrating them with overall business security and risk management objectives.
• Work closely with senior leadership to align security goals with business objectives.
• Cultivate a positive and security-aware culture
• Act as a subject matter expert in application security, advising the organization on best practices and emerging security threats.
• Partner with the business to assess the security of selected bought, hired, or developed business solutions, effectively highlighting and communicating security risk
• Guide development teams in secure coding practices, threat modeling, and risk management for new and existing applications.
• Embed security requirements, standards, and practices into the software development lifecycle (SDLC).
• Partner with DevOps teams to ensure security in CI/CD pipelines.
• Author documents that positively influence the global Universal Music Group community, including best practices, policies, and standards
• Design and implement training programs to educate software engineers, product teams, and other relevant stakeholders on secure development practices.
• Stay updated on the latest security trends, attack vectors, and mitigation techniques
• Build and grow a security champions program
• Lead evaluation projects that strive to determine best-fit, effective solutions to our most pressing application and product security problems
• Leverage metrics to track and improve the effectiveness of our application and product security programs and services
• Host meetings necessary to accomplish assigned goals and objectives
• Provide regular updates to executive leadership on the state of application and product security.
• Other duties as assigned

Bring your VIBE

• Use your curiosity and learning mindset to bear upon a myriad of cyber security problems
• Communicate complex security-related topics effectively with business representatives
• Strong written and verbal communication skills
• Ability to effectively manage multiple concurrent projects
• Organizational and documentation skills
• Report writing and presentation
• Team focus
• Bachelor’s degree in a related field
• Five years of software development experience
• Ten years experience in application security; with consideration for related fields

Perks Playlist:

• Be part of an entrepreneurial, global organization that values authenticity, drive, creativity, relationships, and a competitive spirit

• Comprehensive medical, dental, vision, and FSA options, as well as:

  • 100% coverage for out-patient mental health services

  • Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

  • A lifetime fertility support allowance of $30,000 to plan participants

  • Student Loan Repayment Assistance and Tuition Reimbursement

  • 100% immediately vested 401(k) match on the first 5% of your contribution on eligible compensation

• Variety of ways to prioritize much-needed time away from work including:

  • Flexible Paid Time Off (PTO) for exempt employees

  • 3-weeks PTO for non-exempt employees

  • 2-weeks paid Winter Break

  • 10 Company Holidays (including Juneteenth and Wellbeing Day)

  • Summer Fridays (between Memorial Day and Labor Day)

  • Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.

For more information, please click on the following links.

E-Verify Participation Poster: English / Spanish

E-Verify Right to Work Poster: English | Spanish

Job Category:

Salary Range:

The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job.  All candidates are encouraged to apply.