Work at AEG

​SVP Security, Compliance & CISO

AEG
Los Angeles, CA
Info Technology & Software Engineering
Full Time

AEG Worldwide is the world’s leading sports and live entertainment company with operations in the following business segments:

  • AEG Presents, which is one of the largest live music companies in the world dedicated to live contemporary music performances, including producing and promoting global and regional concert tours, music events and world-renowned festivals
  • AEG Sports, which is the world’s largest operator of sports franchises and high-profile sporting events
  • AEG Global Partnerships, which supports each of AEG’s divisions through worldwide sales and servicing of sponsorships including naming rights, premium seating and other strategic partnerships
  • AEG Real Estate, which develops major sports and entertainment districts worldwide

With offices on five continents, the company uses its global network of venues, portfolio of powerful sports and music brands, ticketing and content distribution platforms and its integrated entertainment districts to deliver the most creative and innovative live sports and entertainment experiences that inspire athletes, teams, artists and fans.

Position Summary:

The SVP Information Security & Compliance (CISO) will be responsible for establishing and maintaining a company-wide information security program by establishing and maintaining a company-wide vision, strategy and architecture. This will include establishing, maintaining and monitoring the security related policies and procedures which promote the secure and uninterrupted operation of all information systems. The SVP Information Security & Compliance also oversees all strategic technology functions of the Employee Services organization.  This role oversees a team of technology professionals dedicated to maintaining and delivering all human capital system functions and the integration and use of those systems across the enterprise. 

 Essential Functions:

  • Direct and approve the design of security systems; ensure compliance with the changing laws and applicable regulations
  • Ensure that disaster recovery and business continuity plans are in place and tested;
  • Review and approve security policies, controls and cyber incident response planning
  • Approve identity and access policies
  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
  • Maintain a current understanding of the IT threat landscape for the industry; translate that knowledge to identification of risks and actionable plans to protect the business
  • Oversee identity and access management (include scheduling of periodic security audits);
  • Establish communication strategy and enforcement of cyber security policies and procedures across the organization
  • Manage all teams, employees, contractors and vendors involved in IT security and HRIS, which may include hiring; provide training and mentoring to team members 
  • Constantly update the cyber security strategy to leverage new technology and threat information
  • Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget
  • Communicate best practices and risks to all parts of the business, outside IT
  • Direct and approve the design of HR systems and the integration of those systems across the enterprise 
  • Communicate and engage with Employee Services (ES) leadership to better understand business needs and action those requirements on behalf of the ES team
  • Constantly update the HRIS strategy to leverage new technology and new business functions

Required Qualifications (Job Knowledge, Skills, and Education):

  • BA/BS Degree (4-year) in Information Technology or a related technical area 
  • Master Degree in related field preferred 
  • 10+ years related experience
  • At least 5 years in a leadership role
  • Experience in a combination of risk management, information security and IT jobs
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences 
  • Proven track record and experience in developing information security policies and procedures 
  • Must be a critical thinker, with strong problem-solving skills 
  • Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard Personally Identifiable Information (PII)
  • Strong project management, financial/budget management, scheduling and resource management skills 
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals 
  • Demonstrated ability to overcome obstacles and deliver assignments on-time and with high quality 
  • Must be able to envision and articulate a compelling future for the business and to present and discuss strategies and technical information in a matter that establishes rapport, persuades others, and establishes understanding—for both technical and nontechnical audiences 
  • Ability to combine strategic business and technical direction and translate concepts into actionable implementation plans
  • Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) Preferred
  • Must be able to pass applicable occupational health screening and have the ability to use required Personal Protective Equipment (PPE) 

AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside his/her normal description.