Senior Manager, Technology Risk & Recovery

About The Position

Requirements

• Bachelor’s degree in Information Technology, Business or related field.
• 7–10+ years of experience in technology risk management, business continuity, disaster recovery, vendor management, audit or IT governance with a leadership background.
• Understanding of technology risk management frameworks and standards (e.g., NIST CSF, ISO 22301, ITIL, COBIT).
• Familiarity with IT infrastructure, cloud solutions and application environments.
• Solid knowledge of SOC reporting (SOC 1 & SOC 2, including Type I and II).
• Excellent analytical, communication, documentation, problem-solving and stakeholder-engagement skills.
• Proven ability to manage multiple complex initiatives simultaneously.
• Exceptional written and verbal communication to articulate complex technical risks to both technical and non-technical audiences, including executive leadership.
• Ability to assess risk, interpret data, and recommend effective mitigation strategies.
• High proficiency in MS Office Suite (Excel, PowerPoint, Word) and Visio at an intermediate level or above.

Nice To Haves

• Experience with ServiceNow, Azure DevOps, Fusion, Metric Stream or GRC tools
• Understanding of cloud platform controls (AWS, GCP, Azure) and SaaS risk considerations.
• Experience working at publicly listed companies subject to SOX and understanding of accounting principles under IFRS.
• Knowledge of the role of IT General Controls and application controls.
• Strong understanding of governance and internal control regulations.
• Experience working in the media and entertainment industry.
• Professional certifications in Risk Management or Governance e.g., ISACA Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Business Continuity Professional (CBCP), ISO 22301, Certified Third Party Risk Professional (CTPRP), COBIT 2019, or ITIL 4

Responsibilities

• Technology Recovery Program Oversight: Manage the end-to-end lifecycle of the technology recovery program, including coordinating with application owners to define recovery time objectives (RTOs) and recovery point objectives (RPOs). Ensure that recovery plans are developed, updated, regularly tested, and that after-action items are tracked through to completion. Implement appropriate mitigation strategies to reduce the organization’s overall technology risk profile.
• Tech Business Continuity Program Liaison: Partner with the Global Security Office (GSO) to coordinate with critical technology service owners in developing comprehensive Business Continuity Plans. Responsibilities include data collection and analysis, plan development and formalization, integration into Fusion, and establishing strong governance processes for ongoing oversight and review.
• Third-Party SOC Report Management: Lead the review of vendor SOC 1, SOC 2 and relevant assurance artifacts. Identify control exceptions, deviations, qualifications, or subservice organizations that may introduce risk. Map Complementary User Entity Controls (CUECs) to internal control owners and operational processes. Ensure CUEC obligations are understood and met and identify gaps requiring remediation.
• Technology Risk Management: Own and maintain technology risk registers, evaluate risks based on severity and business impact, ensure remediation plans are defined, executed, and reported. Partner with internal leaders to align on risk posture and control expectations.
• Internal Advisor: Serve as a trusted advisor by providing consultation, guidance, and subject-matter expertise on technology risk topics. Deliver training and awareness sessions and publish monthly newsletter articles to Global Technology teams to strengthen risk understanding and compliance. Champion a risk-aware culture by promoting a proactive risk mindset, building strong cross-functional relationships, and driving grassroots adoption of risk management practices.
• Reporting and Metrics: Prepare and deliver materials for technology leadership updates and board-level discussions. Develop and report key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and progress. Communicate emerging risks and program performance insights to senior leadership. Establish and lead recurring governance forums to ensure ongoing oversight and alignment.

Benefits

• Comprehensive medical, dental, and vision coverage
• Including 100% coverage for out-patient in-network mental health services
• Fertility coverage for eligible medical plan participants
• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
• Student Loan Repayment Assistance and Tuition Reimbursement
• 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution
• A variety of ways to prioritize much-needed time away from work including:
• Flexible Paid Time Off (PTO) for exempt employees
• 3-weeks PTO for non-exempt employees
• 2-weeks paid Winter Break
• 10 Company Holidays (including Juneteenth and Wellbeing Day)
• Summer Fridays (between Memorial Day and Labor Day)
• Generous paid parental leave for every type of parent