Reporting to the Director of Information Security Risk Management, the Manager of Information Security Office (ISO) Events Risk Management will have an advanced understanding of NFL Brand & Reputational risks associated with information security, technology, compliance, and operational issues. They will lead an integrated approach to risk-based decision-making specifically related to information security, cyber security and technology issues impacting the NFL business and brand. This role will be responsible for ensuring information security coverage is provided for the NFL’s marquee events such as the Super Bowl, NFL Draft, NFL Combine and International Games. The ISO-Events Risk Manager (ISO-ERM) will serve as the primary point of contact between the cybersecurity function and the Events business stakeholders. Additionally, the ISO-ERM will lead the NFL’s Cyber Security program evolution at its venues and stadiums.
Represent the Information Security Office in events planning meetings.
Collaborate and work cross-functionally (internally and externally) to verify deliverables and deadlines associated with the development and the execution of the programs and phases of the events
Evaluate project details, cost/budget, timelines and make appropriate recommendations and/or suggest alternative solutions
Develop and evolve information security standards and protocols for events and stadia
Liaise with NFL departments including Events, Media, Social Responsibility, Player/Talent Relations, Team Marketing & Business Operations, International Group, Creative Services, Legal, Security, IT and Finance to develop and execute League events
Constructively engage business partners regarding cybersecurity issues
Inform business partners of the risk implications of critical decisions by combining empirical analysis with expert judgment to assess business decisions
Activate ISO resources (e.g., security architects, engineers) to achieve outcomes
Educate stakeholders on cybersecurity-related matters to increase awareness and improve culture
Provide consultancy on information security risks for new products and services under consideration (i.e., technology products/solutions, programs, projects)
Interpret and drive enforcement of policies, standards and regulatory requirements, and maintain a consistent risk management approach.
Participate in cybersecurity and business-related councils or working groups as necessary
[3+/5+] years of experience working in risk management, governance, and regulatory requirements related to cybersecurity with a specific focus on business outcomes and service delivery.
Familiarity with risk & information security frameworks such as ISO/IEC 27001, COBIT, NIST, Cloud Controls Matrix; experience working with hybrid information security frameworks is a plus.
Have working knowledge of Industrial, Operating Systems and Enterprise technologies
Understanding of regulations that apply to the business such as PCI, HIPAA, PII – GDPR, CCPA and other privacy regulations and examination guidance
Security Certifications: CISSP, CRISC or CISM
Other Key Attributes / Characteristics
Aptitude for understanding internal organizational environments and their relationship to the external business environment
Ability to develop a full and deep understanding of the business operations
Understanding of how business initiatives create value and risk for organizations
Able to effectively analyze risk within the context of business problems
Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
Excellent communicator across all levels of the organization; presentation skills
Ability to understand broader business issues; industry (i.e. Technology Risks, Sports) awareness
Has the accessibility and ability to interface with and build credibility and relationships with all stakeholders.
Is a confident, energetic self-starter, with strong communication skills.
Instinctive and creative
High EQ – interpersonal skills
Strong problem-solving and trouble-shooting skills
Strong analytical skills and a questioning mind
Travel domestically and internationally is required for this position. While frequency and duration of travel will vary throughout the year, applicants should anticipate approximately 50% travel.
Terms / Expected Hours of Work
NFL employees are required to work 40 hours per week.
This is a full-time position, where travel and weekend work will be required.
The NFL maintains a Flexible Workplace Policy that provides members of our workforce with opportunities to periodically work from a location of their choice, while maintaining a priority on in-person work at an NFL office, which enables us to more effectively collaborate, connect and build a workplace culture that will drive our continued success.
We also continue to prioritize the health and safety of our NFL workforce. Consistent with that commitment, considering the substantial and growing body of evidence that vaccinations remain the most effective protection against the spread of COVID-19, we require that members of our NFL workforce be fully vaccinated. Exceptions are available only for those who need an accommodation for a qualifying disability or sincerely held religious belief or practice.
The NFL is committed to building a diverse, equitable and inclusive work environment that reflects our incredibly diverse fan base. We provide an environment of mutual respect where equal employment opportunities are available to all employees and applicants without regard to status as protected by applicable federal, state, or local law.