Sr. Manager, ISO Risk Manager

Reporting to the Director of Information Security Risk Management, the Manager of Information Security Office (ISO) Events Risk Management will have an advanced understanding of NFL Brand & Reputational risks associated to information security, technology, compliance, and operational issues.  They will lead an integrated approach to risk-based decision-making specifically related to information security, cyber security and technology issues impacting the NFL business and brand.  This role will be responsible for ensuring information security coverage is provided for the NFL’s marque events such as the Super Bowl, NFL Draft, NFL Combine and International Games.  The ISO-Events Risk Manager (ISO-ERM) will serve as the primary point of contact between the cybersecurity function and the Events business stakeholders.  Additionally, the ISO-ERM will lead the NFL’s Cyber Security program evolution at its venues and stadiums. 

Responsibilities

• Represent the Information Security Office in events planning meetings.   

• Collaborate and work cross-functionally (internally and externally) to verify deliverables and deadlines associated with the development and the execution of the programs and phases of the events  

• Evaluate project details, cost/budget, timelines and make appropriate recommendations and/or suggest alternative solutions 

• Develop and evolve information security standards and protocols for events and stadia 

• Liaise with NFL departments including Events, Media, Social Responsibility, Player/Talent Relations, Team Marketing & Business Operations, International Group, Creative Services, Legal, Security, IT and Finance to develop and execute League events 

• Constructively engage business partners regarding cybersecurity issues 

• Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions 

• Activates ISO resources (e.g., security architects, engineers) to achieve outcomes 

• Educate stakeholders on cybersecurity-related matters to increase awareness and improve culture 

• Provides consultancy on information security risks for new products and services under consideration (i.e., technology products/solutions, programs, projects) 

• Interprets and drives enforcement of policies, standards, regulatory requirements and maintains a consistent risk management approach. 

• Participate in cybersecurity and business-related councils or working groups as necessary 

Required Qualifications

• 7+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.   

• Familiarity with risk & information security frameworks such as such as ISO/IEC 27001, COBIT, NIST, Cloud Controls Matrix; experience working with hybrid information security frameworks is a plus. 

• Have working knowledge of Industrial, Operating Systems and Enterprise technologies 

• Understanding of regulations that apply to the business such as PCI, HIPAA, PII – GDPR, CCPA other privacy regulations and examination guidance 

 Other Key Attributes / Characteristics

• Aptitude for understanding internal organizational environments and their relationship to the external business environment 

• Ability to develop a full and deep understanding of the business operations 

• Understanding of how business initiatives create value and risk for organizations 

• Able to effectively analyze risk within the context of business problems  

• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes 

• Excellent communicator across all levels of the organization; presentation skills 

• Ability to understand broader business issues; industry (i.e. Technology Risks, Sports) awareness 

• Has the accessibility and ability to interface with and build credibility and relationships with all stakeholders. 

• Is a confident, energetic self-starter, with strong communication skills. 

• Instinctive and creative 

• High EQ – interpersonal skills 

• Strong problem-solving and trouble-shooting skills 

• Strong analytical skills and a questioning mind  

Salary / Pay Range

This job posting contains a pay range, which represents the range of salaries or hourly rates that the NFL believes, in good faith, at the time of this posting that it might be willing to pay for the posted job in the location(s) specified. The NFL expects to hire for this position near the middle of the range. Only in truly rare and exceptional circumstances, where an external candidate has experience, credentials or expertise that far exceed those required or expected for the position, would the NFL consider paying a salary or rate near the higher end of the range. 

Terms / Expected Hours of Work

• Travel domestically and internationally is required for this position. While frequency and duration of travel will vary throughout the year, applicants should anticipate approximately 50% travel.  

• This a full-time position, where travel and weekend work will be required.