Security Practice Lead

 

Musixmatch is the leading music metadata company, featuring the world’s largest lyrics catalog and a community of over 80M contributors. Musixmatch is the trusted global  partner of companies like Spotify, Apple, Amazon Music, Meta, Google, YouTube, Tidal, and Snapchat and works with nearly 4,000 music publishing rightsholders (representing more than 225,000 songwriters), including Sony Music Publishing, Universal Music Publishing, Warner/Chappell, Kobalt, BMG Rights, and the Harry Fox Agency.

We are a bunch of creatives who care about our work and what we do.  We believe that participation and collaboration are key to getting things done well.  We are looking for tech-savvy people who are eager to learn in a fast-paced environment, who have an international outlook on life, and who love taking on new challenges.

 

We are looking for a Security Practice Lead to own and drive information security across our organization. You will shape our security strategy, protect our systems, data, and expanding AI infrastructure, and act as a key voice in company-wide decisions. This is a high-impact, cross-functional role at the intersection of engineering, AI development, compliance, and leadership.

What you will do:

• Define and own the security strategy: Oversee comprehensive security across cloud, network, and application layers, partnering with engineering on vulnerability management.
• Secure AI & ML integrations: Establish and enforce security guardrails for AI pipelines and LLM deployments, protecting against AI-specific threats (e.g., prompt injection, data poisoning, supply chain) and ensuring model safety.
• Risk & Incident Management: Assess security risks, monitor processes continuously, and coordinate effective incident response and recovery efforts.
• Policy & Compliance: Develop and manage security policies, ensuring compliance with privacy laws, standard frameworks, and emerging AI regulations (e.g., EU AI Act), aligning closely with DPO directives.
• Cross-functional Leadership: Collaborate with senior leadership to embed security (and AI security-by-design) into business decisions.
• Security Evangelism, Training & Vendor Management: Champion a security-first culture across the company. Design and deliver training programs, run awareness campaigns, and act as an internal advocate who makes security understandable and relevant for everyone, from engineers to non-technical teams. Manage risk assessments for external vendors and consultants to ensure third-party security standards are met.

Requirements:

• Proven information security leadership experience with the ability to translate technical risks into business language
• Deep knowledge of standard security frameworks (ISO 27001, SOC 2, GDPR) and strong background in policy development
• Solid understanding of AI security: familiarity with AI-specific vulnerabilities (e.g., OWASP Top 10 for LLMs) and experience securing data privacy within machine learning pipelines
• Hands-on experience with cloud, application, and device security (MDM), incident management, and post-incident recovery
• Ability to work cross-functionally with engineering, product, AI/Data, legal, and executive teams
  
  

Nice to have:

• Security certifications such as CISSP, CISM, CEH, or CAISP (Certified AI Security Professional)
• Familiarity with AI risk management frameworks (e.g., NIST AI RMF)
• Experience in the music, media, or entertainment tech industry
• Familiarity with DPO workflows, privacy-by-design principles, and working with regulatory bodies

What we offer:

• Relocation to Bologna (Italy) or remote work. We are a hybrid company.
• Italian and English language lessons.
• Top-class tech and equipment.
• Company-wide retreats.
• The gross annual base salary for this role is €60,000-€70,000, calibrated on experience and seniority. The package includes a variable performance bonus tied to individual and company goals, plus a flexible welfare credit to use on the benefits that matter most to you. As a distributed team hiring across multiple countries, compensation may vary based on local market benchmarks and employment conditions in the candidate’s location.