AEG Worldwide is the world’s leading sports and live entertainment company with operations in the following business segments:
AEG Presents, which is one of the largest live music companies in the world dedicated to live contemporary music performances, including producing and promoting global and regional concert tours, music events and world-renowned festivals
AEG Sports, which is the world’s largest operator of sports franchises and high-profile sporting events
AEG Global Partnerships, which supports each of AEG’s divisions through worldwide sales and servicing of sponsorships including naming rights, premium seating and other strategic partnerships
AEG Real Estate, which develops major sports and entertainment districts worldwide
With offices on five continents, the company uses its global network of venues, portfolio of powerful sports and music brands, ticketing and content distribution platforms and its integrated entertainment districts to deliver the most creative and innovative live sports and entertainment experiences that inspire athletes, teams, artists and fans.
Position Summary:
The SVP Information Security & Compliance (CISO) will be responsible for establishing and maintaining a company-wide information security program, including its vision, strategy and architecture.
This will include establishing, maintaining and monitoring the security-related policies and procedures which promote the secure and uninterrupted operation of all information systems. The SVP Information Security & Compliance also oversees all strategic technology functions of the Employee Services organization. This role oversees a team of technology professionals dedicated to maintaining and delivering all human capital system functions and the integration and use of those systems across the enterprise.
Essential Functions:
Direct and approve the design of security systems; ensure compliance with changing laws and applicable regulations
Ensure that disaster recovery and business continuity plans are in place and tested
Review and approve security policies, controls and cyber incident response planning
Approve identity and access policies
Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
Maintain a current understanding of the IT threat landscape for the industry; translate that knowledge to identification of risks and actionable plans to protect the business
Oversee identity and access management (including scheduling of periodic security audits)
Establish communication strategy and enforcement of cyber security policies and procedures across the organization
Manage all teams, employees, contractors and vendors involved in IT security and HRIS, which may include hiring; provide training and mentoring to team members
Constantly update the cyber security strategy to leverage new technology and threat information
Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
Communicate best practices and risks to all parts of the business, outside IT
Direct and approve the design of HR systems and the integration of those systems across the enterprise
Communicate and engage with Employee Services (ES) leadership to better understand business needs and action those requirements on behalf of the ES team
Constantly update the HRIS strategy to leverage new technology and new business functions
Required Qualifications (Job Knowledge, Skills, and Education):
BA/BS Degree (4-year) in Information Technology or a related technical area
Master's degree in a related field preferred
10+ years related experience
At least 5 years in a leadership role
Experience in a combination of risk management, information security and IT jobs
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
Proven track record and experience in developing information security policies and procedures
Must be a critical thinker, with strong problem-solving skills
Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry/Data Security Standard, and Personally Identifiable Information (PII)
Strong project management, financial/budget management, scheduling and resource management skills
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals
Demonstrated ability to overcome obstacles and deliver assignments on time and with high quality
Must be able to envision and articulate a compelling future for the business and to present and discuss strategies and technical information in a manner that establishes rapport, persuades others, and establishes understanding for both technical and nontechnical audiences
Ability to combine strategic business and technical direction and translate concepts into actionable implementation plans
Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) preferred
Must be able to pass applicable occupational health screening and have the ability to use required Personal Protective Equipment (PPE)
AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship.
AEG may require an employee to perform duties outside his/her normal description.