Senior Manager, Technology Risk & Recovery

Senior Manager, Technology Risk & Recovery

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

How Universal Music Group LEADS in Technology Risk Management

UMG's Technology Risk Management Department partners with technology leaders and subject-matter experts across the globe to monitor compliance and manage risks to our technology infrastructure, systems, and data. The Senior Manager of Technology Risk & Recovery is responsible for overseeing technology recovery compliance, governing technology risks, and monitoring third-party compliance through SOC report reviews. The ideal candidate brings deep expertise in technology governance, risk management frameworks, and recovery planning, along with the ability to influence stakeholders at all levels.

Key Responsibilities of the Senior Manager, Technology Risk & Recovery

As a Senior Manager, Technology Risk & Recovery, you will create impact through the following responsibilities:

• Technology Recovery Program Oversight: Manage the end-to-end lifecycle of the technology recovery program, including coordinating with application owners to define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Ensure recovery plans are developed, updated, regularly tested, and after-action items are tracked to completion. Implement appropriate mitigation strategies to reduce the organization’s overall technology risk profile.
• Tech Business Continuity Program Liaison: Partner with the Global Security Office (GSO) to coordinate with critical technology service owners in developing comprehensive Business Continuity Plans. This includes data collection and analysis, plan development and formalization, integration into Fusion, and establishing strong governance processes for ongoing oversight and review.
• Third-Party SOC Report Management: Lead the review of vendor SOC 1, SOC 2, and relevant assurance artifacts. Identify control exceptions, deviations, qualifications, or subservice organizations that may introduce risk. Map Complementary User Entity Controls (CUECs) to internal control owners and operational processes. Ensure CUEC obligations are understood and met, and identify gaps requiring remediation.
• Technology Risk Management: Own and maintain technology risk registers, evaluate risks based on severity and business impact, and ensure remediation plans are defined, executed, and reported. Partner with internal leaders to align on risk posture and control expectations.
• Internal Advisor: Serve as a trusted advisor by providing consultation, guidance, and subject-matter expertise on technology risk topics. Deliver training and awareness sessions and publish monthly newsletter articles to Global Technology teams to strengthen risk understanding and compliance. Champion a risk-aware culture by promoting a proactive risk mindset, building strong cross-functional relationships, and driving grassroots adoption of risk management practices.
• Reporting and Metrics: Prepare and deliver materials for technology leadership updates and board-level discussions. Develop and report Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to measure program effectiveness and progress. Communicate emerging risks and program performance insights to senior leadership. Establish and lead recurring governance forums to ensure ongoing oversight and alignment.

Qualifications and Experience

Required:

• Bachelor’s degree in Information Technology, Business, or a related field.
• 7–10+ years of experience in technology risk management, business continuity, disaster recovery, vendor management, audit, or IT governance with a leadership background.
• Understanding of technology risk management frameworks and standards (e.g., NIST CSF, ISO 22301, ITIL, COBIT).
• Familiarity with IT infrastructure, cloud solutions, and application environments.
• Solid knowledge of SOC reporting (SOC 1 & SOC 2, including Type I and II).
• Excellent analytical, communication, documentation, problem-solving, and stakeholder-engagement skills.
• Proven ability to manage multiple complex initiatives simultaneously.
• Exceptional written and verbal communication to articulate complex technical risks to both technical and non-technical audiences, including executive leadership.
• Ability to assess risk, interpret data, and recommend effective mitigation strategies.
• High proficiency in MS Office Suite (Excel, PowerPoint, Word) and Visio at an intermediate level or above.

Preferred:

• Experience with ServiceNow, Azure DevOps, Fusion, Metric Stream, or GRC tools.
• Understanding of cloud platform controls (AWS, GCP, Azure) and SaaS risk considerations.
• Experience working at publicly listed companies subject to SOX and understanding of accounting principles under IFRS.
• Knowledge of the role of IT General Controls and application controls.
• Strong understanding of governance and internal control regulations.
• Experience working in the media and entertainment industry.
• Professional certifications in Risk Management or Governance (e.g., ISACA Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Business Continuity Professional (CBCP), ISO 22301, Certified Third Party Risk Professional (CTPRP), COBIT 2019, or ITIL 4).

What Success Looks Like in this Role

• Strong, measurable improvements in technology resilience and overall risk posture.
• Clearly defined, consistently executed Technology Recovery processes.
• High-quality executive reporting and proactive identification of emerging risks.
• Strong cross-functional adoption of technology risk management practices.
• Comprehensive monitoring of third-party SOC reports and effective internal validation of CUECs.

Perks & Benefits at Universal Music Group

Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren’t just values—they’re how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

• Comprehensive medical, dental, and vision coverage, including 100% coverage for out-patient in-network mental health services.
• Fertility coverage for eligible medical plan participants.
• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year).
• Student Loan Repayment Assistance and Tuition Reimbursement.
• 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution.

UMG supports a variety of ways to prioritize much-needed time away from work, including:

• Flexible Paid Time Off (PTO) for exempt employees.
• 3-weeks PTO for non-exempt employees.
• 2-weeks paid Winter Break.
• 10 Company Holidays (including Juneteenth and Wellbeing Day).
• Summer Fridays (between Memorial Day and Labor Day).
• Generous paid parental leave for every type of parent.

Check out our full overview of benefits on the Perks Playlist page of the career site.

Key skills/competency

• Technology Risk Management
• Business Continuity Planning
• Disaster Recovery
• IT Governance
• SOC Report Review
• Third-Party Risk
• NIST CSF
• ISO 22301
• Stakeholder Engagement
• Compliance Monitoring