Data Governance & Compliance Manager Position Available In Davidson, Tennessee
Tallo's Job Summary: The Data Governance & Compliance Manager position at Concord Music Group, Inc. in Nashville, TN offers a salary range of $92.7K to $122K a year. The role requires a Bachelor's degree in Information Technology or Computer Science, 5+ years of professional experience, and familiarity with data protection laws and frameworks. The Manager will lead the organization's Privacy, Governance, and Compliance Program, including implementing NIST Cybersecurity Framework, managing Data Security Posture, and overseeing vendor risk management. This hybrid job entails minimum 3 days on-site work per week and offers comprehensive benefits and growth opportunities. Concord is an equal opportunity employer.
Job Description
Data Governance & Compliance Manager Concord Music Group, Inc. – 3.4
Nashville, TN Job Details Full-time Estimated:
$92.7K – $122K a year 17 hours ago Benefits Health insurance Paid time off Parental leave Volunteer time off Qualifications Vulnerability assessment Management Computer Science 5 years Supervising experience Bachelor’s degree NIST standards Cybersecurity Senior level
Certified Information Privacy Professional Information Technology Full Job Description Overview:
Concord is the world’s leading independent music company. The Company supports more than 125,000 artists and songwriters whose works are licensed, marketed, and performed globally. Concord’s growing catalog of 1.3 million songs, compositions, sound recordings, films, plays, and musicals is one of the most impactful and culturally relevant collections of creative rights in history. Concord is headquartered in Nashville with additional offices in Los Angeles, New York, London, Berlin, Melbourne, and Miami. As the Data Governance & Compliance Manager , you will report the Senior Director, Info Security and Data Governance, working closely with Legal and Business Affairs team, to lead the organization’s Privacy, Governance, and Compliance Program. Duties for the role include, but are not limited to the development, implementation and maintenance of NIST Cybersecurity Framework (CSF), Data Security Posture Management (DSPM), Access Controls Audits, Supply Chain / Vendor Risk Management, privacy policies and procedures, investigation of privacy incidents and report the inappropriate access and/or disclosure of protected information according to CCPA, GDPR and other applicable state, federal, and international laws. Works under general supervision.
Responsibilities:
What you’ll do: Demonstrates a working knowledge of data privacy, security laws, and frameworks, including CCPA, GDPR, and the NIST Cybersecurity Framework Informs and advises Concord and its employees regarding privacy and data protection, and their obligations to comply with data protection laws Develops and maintains privacy policies, guidelines, and best practices for Concord Implement and oversee Data Security Posture Management (DSPM) solutions to protect sensitive data and ensure data privacy. Conduct regular access controls audits to ensure that access to systems and data is appropriately managed and monitored. Oversee supply chain / vendor risk management to ensure that third-party vendors comply with security and privacy standards. Partners with key business areas to ensure proper management of data privacy and security issues Works closely with the Information Technology team to ensure appropriate technical and security measures are in place to prevent data loss through vulnerability and risk assessments Acts as an advisor to the company on all aspects related to data privacy and protection, including assessing compliance on new projects and acquisitions Identify trends in privacy and regulatory requirements and compliance enforcement and drive the necessary changes in Concord’s data governance program Communicates risk to both technical non-technical stakeholders across the business and negotiates risk mitigation strategies Conducts regular privacy policy compliance assessments to ensure proper adherence to Concord’s privacy policies Performs compliance report monitoring activities on collaborating partners, third-party service providers’ and other data processors’ levels of privacy compliance Support the creation of an inventory that documents how and why Concord collects, shares and uses personal data
Qualifications:
What you’ll need: Bachelor’s degree in information technology, Computer Science or other related discipline, or the equivalent combination of education and experience. 5+ years professional experience in a role involving privacy and compliance. Prior supervisory/management experience helpful but not required. Functional knowledge of data protection laws, standards, and associated frameworks (e.g., GDPR, EU Privacy Shield, CCPA and NIST Cybersecurity Framework) Experience conducting risk and privacy assessments, internal audits and developing corrective action plans.
IAPP Certification:
Certified Information Privacy Professional (CIPP) or equivalent certification is preferred Experience configuring and utilizing GRC and privacy technology platforms This job is hybrid- requiring 3 days a week minimum on site. At Concord, we offer comprehensive medical and wellness benefits, generous time off, parental leave, charity match, paid time off for volunteering, and other fun company perks. We have beautiful new offices and a culture committed to supporting everyone’s growth and development. Concord is an equal opportunity employer. We employ, train, compensate and promote regardless of race, religion, color, national origin, sex, disability, age, veteran status, and other protected status as required by applicable law. We believe that diversity, inclusion and equity is paramount for the creation of music, theater and film that celebrates and empowers all cultures.
