Director, IT Security

The Denver Broncos are one of the most popular franchises in all of sports. Whether judged by the measure of wins and championships, attendance, national television exposure or by the Broncos' reputation locally and throughout the NFL, there are few parallels in the world of professional sports. We are dedicated to being the best team to cheer for, play for, and work for across all of sports. We are looking for employees who are passionate about what they do, have fun doing it, and proud to represent the Denver Broncos Football Club and Empower Field at Mile High.

Job Summary: We are seeking a Director of IT Security to lead the strategy, growth, and oversight of the organization's cybersecurity program and posture. This role is built on three essential pillars: acting as a visionary program builder, a strategic thought partner for the organization, and a dedicated mentor to emerging talent.

To achieve success, you will partner closely with internal and external stakeholders to ensure that security is not a barrier, but an enabler of our organizational mission. You will view the organization’s needs through a cybersecurity lens to enhance overall technology operations, ensuring our "football-first" culture is supported by a resilient and modern digital defense.

This role is responsible for developing and executing an enterprise security strategy that protects business, stadium, and football operations while supporting innovation, reliability, and operational excellence. The Director of IT Security will serve as a key leader within the Technology department and a trusted advisor to senior leadership on cybersecurity risk, resilience, and readiness.

Duties & Responsibilities

• Cybersecurity Leadership & Program Building: Architect and lead a comprehensive cybersecurity program that manages risk while enabling business growth. Develop and maintain a multi-year cybersecurity roadmap, security policies, standards, and governance processes that align with organizational priorities and industry best practices.
• Risk Management & Compliance: Conduct regular vulnerability assessments and audits to ensure compliance with legal and industry standards. Lead enterprise risk assessments, third-party security reviews, control testing, and audit preparedness efforts in alignment with frameworks such as NIST CSF, CIS Controls, ISO 27001, and other applicable regulatory or industry requirements.
• Incident Response: Oversee the detection, investigation, and remediation of security breaches and incidents. Establish and maintain incident response plans, playbooks, tabletop exercises, and post-incident review processes to strengthen organizational readiness and recovery.
• Technology Management: Oversee deployment of security tools like EDR, firewalls, IAM systems, and cloud security controls. Provide strategic oversight of core security technologies, including endpoint detection and response, SIEM/log monitoring, IAM, MFA, PAM, vulnerability management, network security, email security, MDM, and cloud security controls.
• Organizational Leadership & Influence: Serve as a high-visibility leader within the Technology department, fostering a culture of excellence, accountability, and continuous improvement while driving large-scale security initiatives to completion.
• Strategic Thought Partnership: Serve as a key advisor to the Technology Department, applying a security lens to overall operations to improve efficiency, reliability, and innovation across all IT functions.
• Team Development & Mentorship: Lead, grow, and develop a team of cybersecurity professionals. You are responsible for transforming high-potential individuals into seasoned experts through active coaching and career pathing. Build team capability through mentorship, performance management, succession planning, and clear professional development opportunities.
• Cross-Functional Collaboration: Work seamlessly across various departments to integrate security practices into the daily workflow of the entire organization. Partner closely with Football Operations, Stadium Operations, Legal, HR, Finance, Facilities, and external vendors to embed practical, scalable security controls across the organization.
• Executive Communication & Reporting: Translate technical risk into clear business terms for senior leaders and provide regular reporting on security posture, program maturity, incidents, and key performance indicators.
• Vendor & Third-Party Risk Management: Oversee security due diligence and ongoing risk management for third-party vendors, service providers, and technology partners.
• Business Continuity & Resilience: Partner with technology and business leaders to support disaster recovery, business continuity, and operational resilience planning, with particular attention to high-visibility and event-day operations.

Minimum Requirements

• 10+ years of progressive experience in cybersecurity, information security, or IT security roles
• 5+ years of leadership experience managing teams, vendors, or enterprise security programs
• Demonstrated experience building, maturing, or transforming a cybersecurity program in a complex organization
• Experience leading or overseeing incident response, vulnerability management, IAM, security operations, and risk management initiatives
• Strong knowledge of security frameworks, governance practices, and control standards
• Ability to influence cross-functional stakeholders and communicate effectively with both technical and non-technical audiences
• Experience supporting Windows, Mac, Linux, cloud, OT, IOT, and SaaS environments

Preferred Qualifications

• Professional certifications such as CISSP, CISM, CISA, CCSP, CRISC, or equivalent
• Experience in sports, entertainment, hospitality, venue operations, or other high-availability environments
• Experience with cloud security architecture and administration across AWS, Azure, and/or Google Cloud
• Experience with PCI DSS, privacy requirements, third-party risk management, and audit or compliance programs
• Experience supporting organizations with high-profile public brands, live events, or mission-critical operations

Technical Skills

• Security operations and incident response
• Vulnerability management and remediation programs
• Identity and access management, including SSO, MFA, and privileged access
• Endpoint, network, email, and cloud security technologies
• SIEM, logging, monitoring, and threat detection
• Security awareness and training programs
• Policy development, governance, risk, and compliance
• Vendor security assessments and third-party risk oversight

Leadership Competencies

• Strategic thinking and program development
• People leadership, coaching, and team building
• Executive presence and business communication
• Cross-functional collaboration and stakeholder influence
• Sound judgment, integrity, and accountability
• Ability to balance security, usability, and operational demands in a fast-paced environment

Work Environment / Physical Requirements

• This role operates in a professional office environment and may require extended periods of sitting and working at a computer.
• Must be able to communicate effectively with internal and external stakeholders in person, by phone, and in writing.
• Ability to attend meetings, visit operational areas, and support technology or security needs across office, stadium, and event environments as needed.
• Must be available to respond to urgent security incidents, critical issues, or event-related needs outside of standard business hours when necessary.

Success in this role may include:

• Establishing and executing a clear cybersecurity roadmap aligned to business priorities and League Priority Controls
• Improving incident readiness through tested response plans and exercises
• Reducing critical vulnerabilities and improving remediation timelines
• Enhancing visibility into enterprise risk through meaningful metrics and executive reporting
• Developing a high-performing security team and strong cross-functional partnerships
• Strengthening the organization’s resilience across business, stadium, and football operations

In accordance with the Colorado Equal Pay for Equal Work Act, the salary range for this role is $150,000 - $160,000. 

The Denver Broncos Football Club and Stadium Management Company are an equal opportunity employer and do not unlawfully discriminate on the basis of race, color, religion, national origin, sex, age 40 and over, disability, genetic information, or any other status protected by applicable law or regulation. It is our intention that all qualified applicants be given equal opportunity and that selection decisions are based on job-related factors. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the organization.

Please click here for our Data Privacy Policy