Job Description

We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

We are currently seeking an Manager, Tech Security to lead application and platform security initiatives within UMG’s global Tech Security & Identity organization. Reporting to the VP, Security & Identity, this roleis responsible fordriving the strategy, execution, and maturity of security engineering practices across applications, cloud platforms, and development teams.

This manager will oversee a team of security engineers and act as a key partner to engineering, infrastructure, and product teams to ensure that security is embedded throughout the software development lifecycle. The role combines leadership, program ownership, and technical oversight across application security, vulnerability management, and secure architecture practices.

The ideal candidate brings strong experience in application or product security,a track recordof leading engineering teams, and the ability to translate security risks into actionable business and technical outcomes.

Job Functions

• Lead and develop a team of IT Security Engineers,providingtechnical guidance, mentorship, and performance management.

• Define and execute the strategy and roadmap for application and product security across the enterprise.

• Establish and mature secure software development lifecycle (SDLC) practices, including threat modeling, code review, and security testing.

• Oversee application security testing programs including SAST, DAST, API security, and penetration testing.

• Partner with engineering, DevOps, and infrastructure teams to embed security controls into CI/CD pipelines and cloud environments.

• Collaborate with vulnerability management teams to prioritize and remediate application and platform risks.

• Define and enforce security standards, policies, and best practices aligned with industry frameworks and regulatory requirements.

• Providesecurity architecture guidance for new applications, services, and integrations.

• Drive adoption of modern authentication and identity patterns, including SSO, federation, and Zero Trust principles.

• Oversee tooling strategy andselectionfor application security and security engineering capabilities.

• Support audit, compliance, and risk management activities (e.g., SOX, ISO 27001, NIST).

• Track and report on security posture, metrics, and key risk indicators to senior leadership.

• Lead incident response support for application-layer and security vulnerabilities whererequired

• Promote security awareness and education across engineering and product teams.

Job Requirements

Essential Qualifications

• 7+ years of experience in Security Engineering, Application Security, or related disciplines.

• 2+ years of experience leading or mentoring engineering teams.

• Strong background in application security, including secure coding, threat modeling, and vulnerability management.

• Experience with modern application architectures, APIs, and cloud-native environments.

• Deep understanding of web security, authentication, and authorization mechanisms.

• Experience implementing or overseeing security tooling (SAST, DAST, API security, etc.).

• Strong understanding of security frameworks and standards (e.g., OWASP, NIST, ISO 27001).

• Experience working in cloud environments (AWS, Azure, or GCP).

• Ability to communicate complex security risks to both technical and non-technical stakeholders.

• Proven ability to drive cross-functional initiatives in a global organization.

Desirable Qualifications

• Experience leading application security or product security programs at enterprise scale.

• Familiarity with IAM concepts and integration with identity platforms (SSO, federation, access control).

• Experience withDevSecOpspractices andintegratingsecurity into CI/CD pipelines.

• Professional certifications such as CISSP, CISM, CSSLP, or equivalent.

• Experience in media, entertainment, or similarly distributed global organizations.

Perks Playlist:

Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren’t just values—they’re how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

• Comprehensive medical, dental, and vision coverage

• Including 100% coverage for out-patient in-network mental health services

• Fertility coverage for eligible medical plan participants

• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

• Student Loan Repayment Assistance and Tuition Reimbursement

• 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution

A variety of ways to prioritize much-needed time away from work including:

• Flexible Paid Time Off (PTO) for exempt employees

• 3-weeks PTO for non-exempt employees

• 2-weeks paid Winter Break

• 10 Company Holidays (including Juneteenth and Wellbeing Day)

• Summer Fridays (between Memorial Day and Labor Day)

• Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.

Please note, UMG is not enrolled in E-Verify in California and New York, and cannot support employment of candidates whose employer must enroll in E-Verify, for example candidates on STEM-OPT.

For more information, please click on the following links.

E-Verify Participation Poster: English / Spanish

E-Verify Right to Work Poster: English | Spanish

Job Category:

Technology

Salary Range:

$128,405 - $180,200

The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.