Chief Information Security Officer
Description:
Company Information
For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.
Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.
If you want to be challenged to up your game and make a difference, then join us in giving the world reason to cheer!
Job Summary
The Chief Information Security Officer will be responsible for establishing and maintaining a company-wide information security program by establishing and maintaining a company-wide vision, strategy and architecture. This will include establishing, maintaining and monitoring the security related policies and procedures which promote the secure and uninterrupted operation of all information systems. The Chief Information Security & Compliance also oversees all strategic technology functions of the Employee Services organization. This role oversees a team of technology professionals dedicated to maintaining and delivering all human capital system functions and the integration and use of those systems across the enterprise.
Essential Functions
Direct and approve the design of security systems; ensure compliance with the changing laws and applicable regulations
Ensure that disaster recovery and business continuity plans are in place and tested;
Review and approve security policies, controls and cyber incident response planning
Approve identity and access policies
Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
Maintain a current understanding of the IT threat landscape for the industry; translate that knowledge to identification of risks and actionable plans to protect the business
Oversee identity and access management (include scheduling of periodic security audits);
Establish communication strategy and enforcement of cyber security policies and procedures across the organization
Manage all teams, employees, contractors and vendors involved in IT security and HRIS, which may include hiring; provide training and mentoring to team members
Constantly update the cyber security strategy to leverage new technology and threat information
Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
Communicate best practices and risks to all parts of the business, outside IT
Direct and approve the design of HR systems and the integration of those systems across the enterprise
Communicate and engage with Employee Services (ES) leadership to better understand business needs and action those requirements on behalf of the ES team.
Constantly update the HRIS strategy to leverage new technology and new business functions
Qualifications
BA/BS Degree (4-year) (Advanced Degree Preferred) In Information Technology or a related technical area
Master Degree in related field Preferred
10+ years Related experience
At least 5 years in a senior leadership role
Experience in a combination of risk management, information security and IT jobs
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
Must be a critical thinker, with strong problem-solving skills
Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard Personally Identifiable Information (PII).
Strong project management, financial/budget management, scheduling and resource management skills
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals
Demonstrated ability to overcome obstacles and deliver assignments on-time and with high quality
Must be able to envision and articulate a compelling future for the business and to present and discuss strategies and technical information in a matter that establishes rapport, persuades others, and establishes understanding—for both technical and nontechnical audiences.
Ability to combine strategic business and technical direction and translate concepts into actionable implementation plans.
CISSP Certified Information Systems Security Professional Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) Preferred.
Payscale: $340,000 - $360,000
AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside their normal description.