Data Governance & Compliance Manager

Nashville, TN, United States

Concord Music Group, Inc.

Concord is the independent, worldwide leader in the development, management and acquisition of sound recordings, music publishing and theatrical performance rights and narrative content, representing nearly 900,000 songs, composed works, plays,...


Overview

Concord is the world’s leading independent music company. The Company supports more than 125,000 artists and songwriters whose works are licensed, marketed, and performed globally. Concord's growing catalog of 1.3 million songs, compositions, sound recordings, films, plays, and musicals is one of the most impactful and culturally relevant collections of creative rights in history.

 

Concord is headquartered in Nashville with additional offices in Los Angeles, New York, London, Berlin, Melbourne, and Miami.

 

 

As the Data Governance & Compliance Manager, you will report to the Senior Director, Info Security and Data Governance, and work closely with the Legal and Business Affairs team to lead the organization’s Privacy, Governance, and Compliance Program. Duties for the role include, but are not limited to, the development, implementation and maintenance of the NIST Cybersecurity Framework (CSF), Data Security Posture Management (DSPM), Access Controls Audits, Supply Chain / Vendor Risk Management, and privacy policies and procedures; the investigation of privacy incidents; and the reporting of inappropriate access and/or disclosure of protected information according to CCPA, GDPR and other applicable state, federal, and international laws. Works under general supervision.

Responsibilities

What you’ll do:

  • Demonstrates a working knowledge of data privacy, security laws, and frameworks, including CCPA, GDPR, and the NIST Cybersecurity Framework
  • Informs and advises Concord and its employees regarding privacy and data protection, and their obligations to comply with data protection laws
  • Develops and maintains privacy policies, guidelines, and best practices for Concord
  • Implement and oversee Data Security Posture Management (DSPM) solutions to protect sensitive data and ensure data privacy.
  • Conduct regular access controls audits to ensure that access to systems and data is appropriately managed and monitored.
  • Oversee supply chain / vendor risk management to ensure that third-party vendors comply with security and privacy standards.
  • Partners with key business areas to ensure proper management of data privacy and security issues
  • Works closely with the Information Technology team to ensure appropriate technical and security measures are in place to prevent data loss through vulnerability and risk assessments
  • Acts as an advisor to the company on all aspects related to data privacy and protection, including assessing compliance on new projects and acquisitions
  • Identify trends in privacy and regulatory requirements and compliance enforcement and drive the necessary changes in Concord’s data governance program
  • Communicates risk to both technical and non-technical stakeholders across the business and negotiates risk mitigation strategies
  • Conducts regular privacy policy compliance assessments to ensure proper adherence to Concord's privacy policies
  • Performs compliance report monitoring activities on collaborating partners, third-party service providers' and other data processors' levels of privacy compliance
  • Support the creation of an inventory that documents how and why Concord collects, shares and uses personal data

 

Qualifications

What you’ll need:

  • Bachelor’s degree in Information Technology, Computer Science or other related discipline, or the equivalent combination of education and experience.
  • 5+ years professional experience in a role involving privacy and compliance.
  • Prior supervisory/management experience helpful but not required.
  • Functional knowledge of data protection laws, standards, and associated frameworks (e.g., GDPR, EU Privacy Shield, CCPA and NIST Cybersecurity Framework)
  • Experience conducting risk and privacy assessments, internal audits and developing corrective action plans.
  • IAPP Certification: Certified Information Privacy Professional (CIPP) or equivalent certification is preferred
  • Experience configuring and utilizing GRC and privacy technology platforms

*This job is hybrid, requiring a minimum of 3 days a week on site.

 

At Concord, we offer comprehensive medical and wellness benefits, generous time off, parental leave, charity match, paid time off for volunteering, and other fun company perks. We have beautiful new offices and a culture committed to supporting everyone’s growth and development.

 

Concord is an equal opportunity employer. We employ, train, compensate and promote regardless of race, religion, color, national origin, sex, disability, age, veteran status, and other protected status as required by applicable law. We believe that diversity, inclusion and equity are paramount for the creation of music, theater and film that celebrates and empowers all cultures.

Category: Leadership Jobs

Tags: Computer Science Data governance Privacy Security

Perks/benefits: Career development Health care Medical leave Parental leave

Region: North America
Country: United States
