IT Security Analyst Risk & Compliance
Posted on Nov 16, 2018 by AEG
AEG Worldwide is the world's leading sports and live entertainment company with operations in the following business segments:
- AEG Facilities, which with its affiliates owns, manages or consults with more than 120 venues
- AEG Presents, which is one of the largest live music companies in the world dedicated to live contemporary music performances, including producing and promoting global and regional concert tours, music events and world-renowned festivals
- AEG Sports, which is the world's largest operator of sports franchises and high-profile sporting events
- AEG Global Partnerships, which supports each of AEG's divisions through worldwide sales and servicing of sponsorships including naming rights, premium seating and other strategic partnerships
- AEG Real Estate, which develops major sports and entertainment districts worldwide
With offices on five continents, the company uses its global network of venues, portfolio of powerful sports and music brands, ticketing and content distribution platforms and its integrated entertainment districts to deliver the most creative and innovative live sports and entertainment experiences that inspire athletes, teams, artists and fans.
As part of a cross-functional Information Security & Compliance team, the Director IT Security (Risk & Compliance) leads the general information risk, governance, and compliance initiatives and activities to ensure internal and external cyber regulatory compliance and to manage risk appropriately while securing information assets. This role leads the development and continuous improvement of policies, processes, and governance. The Director's primary responsibility is to direct the prioritization of risk for the business and oversee risk assessments and security audits, and to serve as an ambassador to stakeholders in the Business Units, Legal, HR, and IT. Additionally, this role is responsible for strategically managing the information risk posture of the company and reporting it to executive management.
- Create and manage an IT compliance and risk assessment framework and regularly assess the regulatory and organizational risk to drive decisions on appropriate risk management responses of mitigation, acceptance or transfer.
- As the liaison to stakeholders, enable the business through broad leadership inspiring staff and influencing peers across IT and Business Leadership to understand and manage risk, improve regulatory compliance and implement appropriate security technology and process.
- Manage internal and external security regulatory compliance and audit processes (e.g., PCI, HIPAA, GLBA).
- Manage, guide, grow, coach, and support direct reports, including establishing and measuring performance against clear objectives to achieve success.
- Lead strategic security planning in balancing business goals and prioritization of risk mitigation initiatives, ultimately driving the technical and process improvement roadmap.
- Manage the third-party risk process for business partners, affiliates, and subsidiaries, and review contracts to ensure appropriate data safeguards are included.
- Partner with internal and external designers, engineers and management to ensure AEG system requirements for applications, data, infrastructure, and cloud services are developed securely.
- Manage the creation and maintenance of a comprehensive education and awareness program.
- Collaborate with leaders across the organization to share solutions and best practices.
- Manage the development of security policies, practices and standards.
- A minimum education level of: BA/BS Degree (4-year) in Information Technology, CS/Engineering, Economics, or Business (Advanced Degree Preferred)
- A minimum of 7-10 years of related work experience, including 3 years demonstrated leadership experience
- Proven track record and experience in developing and maintaining information security policy, standards and guidelines
- Strong written and verbal communication skills with the ability to create and present technical and risk recommendations to executive management, as well as to influence and persuade others
- Conceptual understanding with deep and broad expertise over multiple security subject areas and significant applied experience
- Experience with PCI compliance and related process and operations
- Diverse technical background in Security and Risk Management combined with significant organizational and industry awareness and knowledge
- Experience managing multiple projects of diverse scope and effectively collaborating in a cross-functional team environment
- Experience with security industry standards (ISO 27001, NIST Cybersecurity Framework, PCI)
- Proficiency with Microsoft Office Suite (Outlook, Word, Excel); and ability to learn all required business systems
- Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and the protection of Personally Identifiable Information (PII).
- Strong project management and organizational skills with the ability to manage multiple projects simultaneously
- Experience in developing or formalizing enterprise risk management (ERM)
Preferred Qualifications (if applicable):
- IT security certifications (CISSP, CISM, CISA, GIAC, CEH or similar)
- Knowledge of all PCI DSS requirements and experience supporting Level 1 or Level 2 PCI DSS compliance effort
AEG reserves the right to change or modify the employee's job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside his/her normal description.
Analytic Recruiting Inc.