IT Security Manager

About The Position

Requirements

• 7+ years of experience in Security Engineering, Application Security, or related disciplines.
• 2+ years of experience leading or mentoring engineering teams.
• Strong background in application security, including secure coding, threat modeling, and vulnerability management.
• Experience with modern application architectures, APIs, and cloud-native environments.
• Deep understanding of web security, authentication, and authorization mechanisms.
• Experience implementing or overseeing security tooling (SAST, DAST, API security, etc.).
• Strong understanding of security frameworks and standards (e.g., OWASP, NIST, ISO 27001).
• Experience working in cloud environments (AWS, Azure, or GCP).
• Ability to communicate complex security risks to both technical and non-technical stakeholders.
• Proven ability to drive cross-functional initiatives in a global organization.

Nice To Haves

• Experience leading application security or product security programs at enterprise scale.
• Familiarity with IAM concepts and integration with identity platforms (SSO, federation, access control).
• Experience with DevSecOps practices and integrating security into CI/CD pipelines.
• Professional certifications such as CISSP, CISM, CSSLP, or equivalent.
• Experience in media, entertainment, or similarly distributed global organizations.

Responsibilities

• Lead and develop a team of IT Security Engineers, providing technical guidance, mentorship, and performance management.
• Define and execute the strategy and roadmap for application and product security across the enterprise.
• Establish and mature secure software development lifecycle (SDLC) practices, including threat modeling, code review, and security testing.
• Oversee application security testing programs including SAST, DAST, API security, and penetration testing.
• Partner with engineering, DevOps, and infrastructure teams to embed security controls into CI/CD pipelines and cloud environments.
• Collaborate with vulnerability management teams to prioritize and remediate application and platform risks.
• Define and enforce security standards, policies, and best practices aligned with industry frameworks and regulatory requirements.
• Provide security architecture guidance for new applications, services, and integrations.
• Drive adoption of modern authentication and identity patterns, including SSO, federation, and Zero Trust principles.
• Oversee tooling strategy and selection for application security and security engineering capabilities.
• Support audit, compliance, and risk management activities (e.g., SOX, ISO 27001, NIST).
• Track and report on security posture, metrics, and key risk indicators to senior leadership.
• Lead incident response support for application-layer and security vulnerabilities where required.
• Promote security awareness and education across engineering and product teams.

Benefits

• Comprehensive medical, dental, and vision coverage
• Including 100% coverage for out-patient in-network mental health services
• Fertility coverage for eligible medical plan participants
• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
• Student Loan Repayment Assistance and Tuition Reimbursement
• 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution
• A variety of ways to prioritize much-needed time away from work including:
• Flexible Paid Time Off (PTO) for exempt employees
• 3-weeks PTO for non-exempt employees
• 2-weeks paid Winter Break
• 10 Company Holidays (including Juneteenth and Wellbeing Day)
• Summer Fridays (between Memorial Day and Labor Day)
• Generous paid parental leave for every type of parent