Sr. Manager, ISO Risk Manager

About The Position

Requirements

• 7+ years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
• Familiarity with risk & information security frameworks such as such as ISO/IEC 27001, COBIT, NIST, Cloud Controls Matrix; experience working with hybrid information security frameworks is a plus.
• Have working knowledge of Industrial, Operating Systems and Enterprise technologies
• Understanding of regulations that apply to the business such as PCI, HIPAA, PII – GDPR, CCPA other privacy regulations and examination guidance
• Aptitude for understanding internal organizational environments and their relationship to the external business environment
• Ability to develop a full and deep understanding of the business operations
• Understanding of how business initiatives create value and risk for organizations
• Able to effectively analyze risk within the context of business problems
• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
• Excellent communicator across all levels of the organization; presentation skills
• Ability to understand broader business issues; industry (i.e. Technology Risks, Sports) awareness
• Has the accessibility and ability to interface with and build credibility and relationships with all stakeholders.
• Is a confident, energetic self-starter, with strong communication skills.
• Instinctive and creative
• High EQ – interpersonal skills
• Strong problem-solving and trouble-shooting skills
• Strong analytical skills and a questioning mind

Responsibilities

• Represent the Information Security Office in events planning meetings.
• Collaborate and work cross-functionally (internally and externally) to verify deliverables and deadlines associated with the development and the execution of the programs and phases of the events
• Evaluate project details, cost/budget, timelines and make appropriate recommendations and/or suggest alternative solutions
• Develop and evolve information security standards and protocols for events and stadia
• Liaise with NFL departments including Events, Media, Social Responsibility, Player/Talent Relations, Team Marketing & Business Operations, International Group, Creative Services, Legal, Security, IT and Finance to develop and execute League events
• Constructively engage business partners regarding cybersecurity issues
• Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
• Activates ISO resources (e.g., security architects, engineers) to achieve outcomes
• Educate stakeholders on cybersecurity-related matters to increase awareness and improve culture
• Provides consultancy on information security risks for new products and services under consideration (i.e., technology products/solutions, programs, projects)
• Interprets and drives enforcement of policies, standards, regulatory requirements and maintains a consistent risk management approach.
• Participate in cybersecurity and business-related councils or working groups as necessary

Benefits

• To learn more about our comprehensive benefits offerings, please visit: NFL BENEFITS