Senior Manager, Technology Risk & Recovery

Job Description

How we LEAD
UMG's Technology Risk Management Department partners with technology leaders and subject-matter experts across the globe to monitor compliance and manage risks to our technology infrastructure, systems, and data. The Senior Manager of Technology Risk & Recovery is responsible for overseeing technology recovery compliance, governing technology risks, and monitoring third-party compliance through SOC report reviews. The ideal candidate brings deep expertise in technology governance, risk management frameworks, and recovery planning, along with the ability to influence stakeholders at all levels.

How you'll CREATE - Job Responsibilities
• Technology Recovery Program Oversight: Manage the end-to-end lifecycle of the technology recovery program, including coordinating with application owners to define recovery time objectives (RTOs) and recovery point objectives (RPOs). Ensure that recovery plans are developed, updated, regularly tested, and that after-action items are tracked through to completion. Implement appropriate mitigation strategies to reduce the organization's overall technology risk profile.
• Tech Business Continuity Program Liaison: Partner with the Global Security Office (GSO) to coordinate with critical technology service owners in developing comprehensive Business Continuity Plans. Responsibilities include data collection and analysis, plan development and formalization, integration into Fusion, and establishing strong governance processes for ongoing oversight and review.
• Third-Party SOC Report Management: Lead the review of vendor SOC 1, SOC 2 and relevant assurance artifacts. Identify control exceptions, deviations, qualifications, or subservice organizations that may introduce risk. Map Complementary User Entity Controls (CUECs) to internal control owners and operational processes. Ensure CUEC obligations are understood and met and identify gaps requiring remediation.
• Technology Risk Management: Own and maintain technology risk registers, evaluate risks based on severity and business impact, ensure remediation plans are defined, executed, and reported. Partner with internal leaders to align on risk posture and control expectations.
• Internal Advisor: Serve as a trusted advisor by providing consultation, guidance, and subject-matter expertise on technology risk topics. Deliver training and awareness sessions and publish monthly newsletter articles to Global Technology teams to strengthen risk understanding and compliance. Champion a risk-aware culture by promoting a proactive risk mindset, building strong cross-functional relationships, and driving grassroots adoption of risk management practices.
• Reporting and Metrics: Prepare and deliver materials for technology leadership updates and board-level discussions. Develop and report key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and progress. Communicate emerging risks and program performance insights to senior leadership. Establish and lead recurring governance forums to ensure ongoing oversight and alignment.
Bring your VIBE
Required
• Bachelor's degree in Information Technology, Business or related field.
• 7–10+ years of experience in technology risk management, business continuity, disaster recovery, vendor management, audit or IT governance with a leadership background.
• Understanding of technology risk management frameworks and standards (e.g., NIST CSF, ISO 22301, ITIL, COBIT).
• Familiarity with IT infrastructure, cloud solutions and application environments.
• Solid knowledge of SOC reporting (SOC 1 & SOC 2, including Type I and II).
• Excellent analytical, communication, documentation, problem-solving and stakeholder-engagement skills.
• Proven ability to manage multiple complex initiatives simultaneously.
• Exceptional written and verbal communication to articulate complex technical risks to both technical and non-technical audiences, including executive leadership.
• Ability to assess risk, interpret data, and recommend effective mitigation strategies.
• High proficiency in MS Office Suite (Excel, PowerPoint, Word) and Visio at an intermediate level or above.
Preferred
• Experience with ServiceNow, Azure DevOps, Fusion, Metric Stream or GRC tools
• Understanding of cloud platform controls (AWS, GCP, Azure) and SaaS risk considerations.
• Experience working at publicly listed companies subject to SOX and understanding of accounting principles under IFRS.
• Knowledge of the role of IT General Controls and application controls.
• Strong understanding of governance and internal control regulations.
• Experience working in the media and entertainment industry.
• Professional certifications in Risk Management or Governance e.g., ISACA Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Business Continuity Professional (CBCP), ISO 22301, Certified Third Party Risk Professional (CTPRP), COBIT 2019, or ITIL 4
What Success Looks Like
• Strong, measurable improvements in technology resilience and overall risk posture
• Clearly defined, consistently executed Technology Recovery processes
• High-quality executive reporting and proactive identification of emerging risks
• Strong cross-functional adoption of technology risk management practices
• Comprehensive monitoring of third-party SOC reports and effective internal validation of CUECs
e
Perks Playlist:
Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren't just values-they're how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):
• Comprehensive medical, dental, and vision coverage
• Including 100% coverage for out-patient in-network mental health services
• Fertility coverage for eligible medical plan participants
• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
• Student Loan Repayment Assistance and Tuition Reimbursement
• 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution
A variety of ways to prioritize much-needed time away from work including:
• Flexible Paid Time Off (PTO) for exempt employees
• 3-weeks PTO for non-exempt employees
• 2-weeks paid Winter Break
• 10 Company Holidays (including Juneteenth and Wellbeing Day)
• Summer Fridays (between Memorial Day and Labor Day)
• Generous paid parental leave for every type of parent
Check out our full overview of benefits on the Perks Playlist page of the career site.
Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.
Universal Music Group is an Equal Opportunity Employer
We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.
|
Job Category:
Technology
Salary Range:
$132,405 - $175,205
The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.

Jobcode: Reference SBJ-5bze0e-216-73-216-34-42 in your application.