Manager, Tech Security

Job Summary

We are currently seeking an Manager, Tech Security to lead application and platform security initiatives within UMG’s global Tech Security & Identity organization. Reporting to the VP, Security & Identity, this roleis responsible fordriving the strategy, execution, and maturity of security engineering practices across applications, cloud platforms, and development teams.

This manager will oversee a team of security engineers and act as a key partner to engineering, infrastructure, and product teams to ensure that security is embedded throughout the software development lifecycle. The role combines leadership, program ownership, and technical oversight across application security, vulnerability management, and secure architecture practices.

The ideal candidate brings strong experience in application or product security,a track recordof leading engineering teams, and the ability to translate security risks into actionable business and technical outcomes.

Job Functions

• Lead and develop a team of IT Security Engineers,providingtechnical guidance, mentorship, and performance management.

• Define and execute the strategy and roadmap for application and product security across the enterprise.

• Establish and mature secure software development lifecycle (SDLC) practices, including threat modeling, code review, and security testing.

• Oversee application security testing programs including SAST, DAST, API security, and penetration testing.

• Partner with engineering, DevOps, and infrastructure teams to embed security controls into CI/CD pipelines and cloud environments.

• Collaborate with vulnerability management teams to prioritize and remediate application and platform risks.

• Define and enforce security standards, policies, and best practices aligned with industry frameworks and regulatory requirements.

• Providesecurity architecture guidance for new applications, services, and integrations.

• Drive adoption of modern authentication and identity patterns, including SSO, federation, and Zero Trust principles.

• Oversee tooling strategy andselectionfor application security and security engineering capabilities.

• Support audit, compliance, and risk management activities (e.g., SOX, ISO 27001, NIST).

• Track and report on security posture, metrics, and key risk indicators to senior leadership.

• Lead incident response support for application-layer and security vulnerabilities where.

• Promote security awareness and education across engineering and product teams.

Job Requirements

Essential Qualifications

• 7+ years of experience in Security Engineering, Application Security, or related disciplines.

• 2+ years of experience leading or mentoring engineering teams.

• Strong background in application security, including secure coding, threat modeling, and vulnerability management.

• Experience with modern application architectures, APIs, and cloud-native environments.

• Deep understanding of web security, authentication, and authorization mechanisms.

• Experience implementing or overseeing security tooling (SAST, DAST, API security, etc.).

• Strong understanding of security frameworks and standards (e.g., OWASP, NIST, ISO 27001).

• Experience working in cloud environments (AWS, Azure, or GCP).

• Ability to communicate complex security risks to both technical and non-technical stakeholders.

• Proven ability to drive cross-functional initiatives in a global organization.

Desirable Qualifications

• Experience leading application security or product security programs at enterprise scale.

• Familiarity with IAM concepts and integration with identity platforms (SSO, federation, access control).

• Experience withDevSecOpspractices andintegratingsecurity into CI/CD pipelines.

• Professional certifications such as CISSP, CISM, CSSLP, or equivalent.

• Experience in media, entertainment, or similarly distributed global organizations.