Senior Manager, Technology Risk & Recovery - Santa Monica, 90404

Senior Manager, Technology Risk & Recovery - Santa Monica, 90404, United States of America

How we LEAD

UMG's Technology Risk Management Department partners with technology leaders and subject-matter experts across the globe to monitor compliance and manage risks to our technology infrastructure, systems, and data. The Senior Manager of Technology Risk & Recovery is responsible for overseeing technology recovery compliance, governing technology risks, and monitoring third-party compliance through SOC report reviews. The ideal candidate brings deep expertise in technology governance, risk management frameworks, and recovery planning, along with the ability to influence stakeholders at all levels.

How you'll CREATE - Job Responsibilities

• Technology Recovery Program Oversight : Manage the end-to-end lifecycle of the technology recovery program, including coordinating with application owners to define recovery time objectives (RTOs) and recovery point objectives (RPOs). Ensure that recovery plans are developed, updated, regularly tested, and that after-action items are tracked through to completion. Implement appropriate mitigation strategies to reduce the organization’s overall technology risk profile.
• Tech Business Continuity Program Liaison : Partner with the Global Security Office (GSO) to coordinate with critical technology service owners in developing comprehensive Business Continuity Plans. Responsibilities include data collection and analysis, plan development and formalization, integration into Fusion, and establishing strong governance processes for ongoing oversight and review.
• Third-Party SOC Report Management : Lead the review of vendor SOC 1, SOC 2 and relevant assurance artifacts. Identify control exceptions, deviations, qualifications, or subservice organizations that may introduce risk. Map Complementary User Entity Controls (CUECs) to internal control owners and operational processes. Ensure CUEC obligations are understood and met and identify gaps requiring remediation.
• Technology Risk Management: Own and maintain technology risk registers, evaluate risks based on severity and business impact, ensure remediation plans are defined, executed, and reported. Partner with internal leaders to align on risk posture and control expectations.
• Internal Advisor : Serve as a trusted advisor by providing consultation, guidance, and subject-matter expertise on technology risk topics. Deliver training and awareness sessions and publish monthly newsletter articles to Global Technology teams to strengthen risk understanding and compliance. Champion a risk-aware culture by promoting a proactive risk mindset, building strong cross-functional relationships, and driving grassroots adoption of risk management practices.
• Reporting and Metrics : Prepare and deliver materials for technology leadership updates and board-level discussions. Develop and report key risk indicators (KRIs) and key performance indicators (KPIs) to measure program effectiveness and progress. Communicate emerging risks and program performance insights to senior leadership. Establish and lead recurring governance forums to ensure ongoing oversight and alignment.

Bring your VIBE

Required

• Bachelor’s degree in Information Technology, Business or related field.
• 7–10+ years of experience in technology risk management, business continuity, disaster recovery, vendor management, audit or IT governance with a leadership background.
• Understanding of technology risk management frameworks and standards (e.g., NIST CSF, ISO 22301, ITIL, COBIT).
• Familiarity with IT infrastructure, cloud solutions and application environments.
• Solid knowledge of SOC reporting (SOC 1 & SOC 2, including Type I and II).
• Excellent analytical, communication, documentation, problem-solving and stakeholder-engagement skills.
• Proven ability to manage multiple complex initiatives simultaneously.
• Exceptional written and verbal communication to articulate complex technical risks to both technical and non-technical audiences, including executive leadership.
• Ability to assess risk, interpret data, and recommend effective mitigation strategies.
• High proficiency in MS Office Suite (Excel, PowerPoint, Word) and Visio at an intermediate level or above.

Preferred

• Experience with ServiceNow, Azure DevOps, Fusion, Metric Stream or GRC tools
• Understanding of cloud platform controls (AWS, GCP, Azure) and SaaS risk considerations.
• Experience working at publicly listed companies subject to SOX and understanding of accounting principles under IFRS.
• Knowledge of the role of IT General Controls and application controls.
• Strong understanding of governance and internal control regulations.
• Experience working in the media and entertainment industry.
• Professional certifications in Risk Management or Governance e.g., ISACA Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Business Continuity Professional (CBCP), ISO 22301, Certified Third Party Risk Professional (CTPRP), COBIT 2019, or ITIL 4

What Success Looks Like

• Strong, measurable improvements in technology resilience and overall risk posture
• Clearly defined, consistently executed Technology Recovery processes
• High-quality executive reporting and proactive identification of emerging risks
• Strong cross-functional adoption of technology risk management practices
• Comprehensive monitoring of third-party SOC reports and effective internal validation of CUECs

#LI-Remote