Director, IT Security

Denver Broncos and Stadium Management Company•Englewood, CO

5h•$150,000 - $160,000•Onsite

About The Position

The Denver Broncos are one of the most popular franchises in all of sports. Whether judged by the measure of wins and championships, attendance, national television exposure or by the Broncos' reputation locally and throughout the NFL, there are few parallels in the world of professional sports. We are dedicated to being the best team to cheer for, play for, and work for across all of sports. We are looking for employees who are passionate about what they do, have fun doing it, and proud to represent the Denver Broncos Football Club and Empower Field at Mile High. Job Summary: We are seeking a Director of IT Security to lead the strategy, growth, and oversight of the organization's cybersecurity program and posture. This role is built on three essential pillars: acting as a visionary program builder, a strategic thought partner for the organization, and a dedicated mentor to emerging talent. To achieve success, you will partner closely with internal and external stakeholders to ensure that security is not a barrier, but an enabler of our organizational mission. You will view the organization’s needs through a cybersecurity lens to enhance overall technology operations, ensuring our "football-first" culture is supported by a resilient and modern digital defense. This role is responsible for developing and executing an enterprise security strategy that protects business, stadium, and football operations while supporting innovation, reliability, and operational excellence. The Director of IT Security will serve as a key leader within the Technology department and a trusted advisor to senior leadership on cybersecurity risk, resilience, and readiness.

Requirements

10+ years of progressive experience in cybersecurity, information security, or IT security roles
5+ years of leadership experience managing teams, vendors, or enterprise security programs
Demonstrated experience building, maturing, or transforming a cybersecurity program in a complex organization
Experience leading or overseeing incident response, vulnerability management, IAM, security operations, and risk management initiatives
Strong knowledge of security frameworks, governance practices, and control standards
Ability to influence cross-functional stakeholders and communicate effectively with both technical and non-technical audiences
Experience supporting Windows, Mac, Linux, cloud, OT, IOT, and SaaS environments

Nice To Haves

Professional certifications such as CISSP, CISM, CISA, CCSP, CRISC, or equivalent
Experience in sports, entertainment, hospitality, venue operations, or other high-availability environments
Experience with cloud security architecture and administration across AWS, Azure, and/or Google Cloud
Experience with PCI DSS, privacy requirements, third-party risk management, and audit or compliance programs
Experience supporting organizations with high-profile public brands, live events, or mission-critical operations

Responsibilities

Cybersecurity Leadership & Program Building: Architect and lead a comprehensive cybersecurity program that manages risk while enabling business growth. Develop and maintain a multi-year cybersecurity roadmap, security policies, standards, and governance processes that align with organizational priorities and industry best practices.
Risk Management & Compliance: Conduct regular vulnerability assessments and audits to ensure compliance with legal and industry standards. Lead enterprise risk assessments, third-party security reviews, control testing, and audit preparedness efforts in alignment with frameworks such as NIST CSF, CIS Controls, ISO 27001, and other applicable regulatory or industry requirements.
Incident Response: Oversee the detection, investigation, and remediation of security breaches and incidents. Establish and maintain incident response plans, playbooks, tabletop exercises, and post-incident review processes to strengthen organizational readiness and recovery.
Technology Management: Oversee deployment of security tools like EDR, firewalls, IAM systems, and cloud security controls. Provide strategic oversight of core security technologies, including endpoint detection and response, SIEM/log monitoring, IAM, MFA, PAM, vulnerability management, network security, email security, MDM, and cloud security controls.
Organizational Leadership & Influence: Serve as a high-visibility leader within the Technology department, fostering a culture of excellence, accountability, and continuous improvement while driving large-scale security initiatives to completion.
Strategic Thought Partnership: Serve as a key advisor to the Technology Department, applying a security lens to overall operations to improve efficiency, reliability, and innovation across all IT functions.
Team Development & Mentorship: Lead, grow, and develop a team of cybersecurity professionals. You are responsible for transforming high-potential individuals into seasoned experts through active coaching and career pathing. Build team capability through mentorship, performance management, succession planning, and clear professional development opportunities.
Cross-Functional Collaboration: Work seamlessly across various departments to integrate security practices into the daily workflow of the entire organization. Partner closely with Football Operations, Stadium Operations, Legal, HR, Finance, Facilities, and external vendors to embed practical, scalable security controls across the organization.
Executive Communication & Reporting: Translate technical risk into clear business terms for senior leaders and provide regular reporting on security posture, program maturity, incidents, and key performance indicators.
Vendor & Third-Party Risk Management: Oversee security due diligence and ongoing risk management for third-party vendors, service providers, and technology partners.
Business Continuity & Resilience: Partner with technology and business leaders to support disaster recovery, business continuity, and operational resilience planning, with particular attention to high-visibility and event-day operations.