We are UMG, the Universal Music Group. We are the world’s leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
How we LEAD:
The Senior Manager, Global IT Audit, Risk & Advisory, will help develop, mature, and execute UMG's IT internal audit program in a publicly listed U.S. environment. This role is responsible for leading complex, risk-based technology audits, strengthening SOX IT control assurance; assessing cybersecurity, infrastructure, application, and third-party technology risks; and translating audit results into practical, business-oriented recommendations.
This role requires a hands-on technology risk leader who can manage end-to-end audits, coach audit team members, build productive relationships across technology and business teams, and support the continued development of UMG's IT audit methodology, reporting, tools, and control maturity.
How you'll CREATE:
Lead IT audit planning and execution
Lead complex IT audits from planning through reporting and remediation validation.
Contribute to the IT risk assessment and support development of the annual and multi-year IT audit plan.
Translate risk assessment results into clear audit objectives, scope, work programs, testing approaches, and resource plans.
Ensure audit workpapers, evidence, conclusions, and issue ratings meet methodology and quality standards.
Coordinate work performed by internal audit staff, co-source partners, and other assurance providers as applicable.
Cybersecurity & Technology Risk Oversight
Assess IT and cybersecurity governance, incident response, identity and access management, vulnerability management, and security operations controls.
Review cloud infrastructure environments, ERP platforms, financial systems, data platforms, and critical business applications.
Evaluate data governance, privacy controls, resilience, change management, and third-party/vendor technology risk management.
Assess control alignment with relevant frameworks, including COSO, COBIT, NIST, and SEC/SOX requirements.
Review risks associated with digital transformation, automation, system implementations, and emerging technologies.
IT General Controls
Review ITGC, IT application control, and interface control testing for in-scope SOX systems.
Support the assessment of control deficiencies; evaluate severity, support root cause analysis, and recommend sustainable remediation actions.
Continuous Improvement and Risk Monitoring
Provide clear, practical recommendations that balance risk mitigation with operational realities.
Track remediation activities and validate management action plans for high-risk and recurring findings.
Use data analytics, automation, and continuous monitoring techniques to improve audit coverage and efficiency.
Identify recurring deficiencies, control themes, and opportunities to improve governance, process maturity, and accountability.
Stakeholder Engagement
Communicate audit findings, root causes, and risk themes in clear business terms to technology, finance, and operational stakeholders.
Build trust and credibility with IT and business leaders while maintaining independence and objectivity.
Provide advisory support during major system, security, data, and transformation initiatives without assuming management responsibility.
Prepare concise reporting for Internal Audit leadership and contribute to executive-level risk updates.
Leadership Traits
Drive: Continuously looks for improvement areas for the department and drives implementation of enhanced processes and best practices. Drives own career by focusing on identified development areas and being vocal about next career steps.
Insight: Is curious and skeptical. Admits when wrong. Proactively identifies opportunities to adopt and implement data analytics and other improvements across departmental projects.
Authenticity: Always acts with unquestionable integrity and professionalism. Seeks out and respects diverse perspectives. Performs critical self-assessments and demonstrates self-awareness in interactions with others.
Connection: Team player with high EQ and strong listening skills. Proactively builds and maintains relationships with team members and key members of management. Enhances cross-functional and cross-geographical relationships,
contributing to a strong brand for the team.
Boldness: Takes calculated risks. Says yes to new initiatives. Speaks up in meetings. Makes the first move. Conducts rapid experiments.
Creativity: Brings in non-music inspiration. Fosters unlikely collaborations. Finds ways to say yes to requests. Helps both sides benefit and creates win-win scenarios.
Bring your VIBE:
10+ years of progressive IT audit, IT risk, technology controls, cybersecurity, or related assurance experience.
CISA strongly preferred. Additional certifications (CISSP, CIA, CPA) preferred.
Experience leading complex IT audits across infrastructure, cloud, ERP, cybersecurity, data, third-party, and business application domains.
Strong SOX ITGC experience in a publicly traded U.S. company environment.
Experience evaluating and remediating control deficiencies in maturing high-growth organizations.
Big Four, national public accounting, consulting, or large multinational internal audit experience strongly preferred.
Strong project management, workpaper review, issue-writing, and stakeholder management skills.
Excellent verbal, written, and interpersonal communication skills, including constructive delivery of difficult messages.
Ability and availability to travel internationally and work independently.
Multilingual: Fluent English. Another language is a plus
Perks Playlist:
Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren’t just values—they’re how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):
Comprehensive medical, dental, and vision coverage
Including 100% coverage for out-patient in-network mental health services
Fertility coverage for eligible medical plan participants
Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)
Student Loan Repayment Assistance and Tuition Reimbursement
401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution
A variety of ways to prioritize much-needed time away from work including:
Flexible Paid Time Off (PTO) for exempt employees
3-weeks PTO for non-exempt employees
2-weeks paid Winter Break
10 Company Holidays (including Juneteenth and Wellbeing Day)
Summer Fridays (between Memorial Day and Labor Day)
Generous paid parental leave for every type of parent
Check out our full overview of benefits on the Perks Playlist page of the career site.
Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.
Universal Music Group is an Equal Opportunity Employer
We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.
Please note, UMG is not enrolled in E-Verify in California and New York, and cannot support employment of candidates whose employer must enroll in E-Verify, for example candidates on STEM-OPT.
For more information, please click on the following links.
E-Verify Participation Poster: English / Spanish
E-Verify Right to Work Poster: English | Spanish
Salary Range:
$174,050.00 - $220,000The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.
We are UMG, the Universal Music Group.
We are the world’s leading music company.
In everything we do, we are committed to artistry, innovation and entrepreneurship.
We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries.
We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.
Our vast catalog of recordings and songs stretches back over a century and comprises the largest, most diverse and culturally rich collection of music ever assembled.
As digital technology refashions the world, our unmatched commitment to lead in developing new services, platforms and business models for the delivery of music and related content empowers innovators and allows new commercial and artistic opportunities to flourish.
Knowing that music, a powerful force for good in the world, is unique in its ability to inspire people and bring them together, we work with our artists and employees to serve our communities.
We are the home for music’s greatest artists, innovators and entrepreneurs.
Together, we are UMG, the Universal Music Group.