Reporting to our Director of Security Operations, the security manager is a mid-level managerial position, and is responsible for managing a highly technical staff, must have proven leadership skills and be able to translate the needs of the business, typically defined in security policies, into technical control requirements and specifications, with associated metrics for ongoing performance measurement and reporting.
The senior cyber security manager role requires an individual with a strong technical background, as well as the ability to work with technology and business to align priorities and plans with key business objectives. The security manager must prioritize work efforts; balance current operational tasks against strategic security programs, and project tasks and objectives; and provide regular progress reports. This role also interacts with operational staff to incorporate new technologies, applications, and security systems into operational workflows.
Primary responsibility of the role will be to lead and mature the daily functions of the NFL’s Security Operations Center (SOC) and to Coordinate, measure and report on the technical aspects of security management.
Manage team of Security Analysts working in a 24/7/365 model tasked with monitoring, preventing, detecting, investigating, and responding to cybersecurity incidents and continuously safeguard the NFL and Clubs
Monitoring and protecting the NFL’s assets including intellectual property, personnel data, business systems, and brand integrity.
Conducts network monitoring and intrusion detection analysis using various computer network defense tools, such as firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), firewalls, Host-Based Security System (HBSS), etc.
Review alerts and data from sensors and documents formal, technical incident reports
Provide regular reports on security incidents, service levels and project status.
Research emerging threats and vulnerabilities to aid in the identification of network incidents
Provides incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary.
Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment.
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
Monitor and report on compliance with security policies, as well as the enforcement of policies
Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies.
Minimum 8 years in information security, with 5 years in an information security operations role and at least 3 in a supervisory capacity.
Experience on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) is a must.
5+ years of experience with common information security frameworks (NIST, ISO27001, COBIT, CIS, etc.)
Be a recognized leader with a strong understanding of tools, technologies, security strategies and their implications on the broader business environment.
Have in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
Have knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Have an excellent understanding of information security concepts, protocols, industry best practices and strategies.
Have experience working with legal, audit and compliance staff.
Technical expertise in anti-virus/anti-malware solutions, virus/malware outbreak management
Ability to differentiate virus activity from directed attack patterns
Technical expertise in Intrusion Prevention System (IPS)/Intrusion Detection Systems (IDS), SIEMs and other computer network defense security tools
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
An understanding of organizational mission, values and goals and consistent application of this knowledge
Other Key Attributes / Characteristics
Strong leadership abilities, with the capability to develop and guide information security team members and other technical operations personnel, and to work with minimal supervision
Confident, energetic self-starter, with strong interpersonal skills
Has the accessibility and ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company
Strong analytic skills for problem-solving and troubleshooting
Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity
Self-motivated and possessing of a high sense of urgency and personal integrity
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management, and business personnel
Travel domestically and internationally is required for this position. While frequency and duration of travel will vary throughout the year, applicants should anticipate approximately 15% travel
Terms / Expected Hours of Work
NFL employees are required to work 40 hours per week.
This a full-time position, where travel and weekend work will be required.
The NFL maintains a Flexible Workplace Policy that provides members of our workforce with opportunities to periodically work from a location of their choice, while maintaining a priority on in-person work at an NFL office, which enables us to more effectively collaborate, connect and build a workplace culture that will drive our continued success.
The NFL is committed to building a diverse, equitable and inclusive work environment that reflects our incredibly diverse fan base. We provide an environment of mutual respect where equal employment opportunities are available to all employees and applicants without regard to status as protected by applicable federal, state, or local law.
We also continue to prioritize the health and safety of our NFL workforce. Consistent with that commitment, considering the substantial and growing body of evidence that vaccinations remain the most effective protection against the spread the COVID-19, we require that members of our NFL workforce be fully vaccinated, inclusive of the COVID-19 Booster for those who are eligible under CDC guidelines.