Director Cybersecurity Operations - AEG
Los Angeles, CA
About the Job
Company Information
For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.
Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.
If you want to be challenged to up your game and make a difference, then join us in giving the world reason to cheer!
Job Summary
The Director of Cybersecurity Operations plays a crucial role in ensuring the protection and security of sensitive information across the organization. Reporting to the Chief Information Security Officer (CISO), this position is responsible for leading a team of cybersecurity professionals and working closely with various departments, including Information Security, Global Enterprise Services, and Network Infrastructure, in a complex, matrixed environment. This role oversees key cybersecurity programs, including the Security Operations Center (SOC), Vulnerability Management, Data Loss Prevention (DLP), and Penetration Testing, ensuring the confidentiality, integrity, and availability of critical assets. The Director will be tasked with driving security strategies and initiatives while proactively addressing emerging cybersecurity risks. Strong technical expertise, leadership capabilities, and a proactive approach to challenges are essential for success in this role.
Essential Functions
- Security Operations Center (SOC) Oversight:
  - Manage and optimize the day-to-day operations and tools of the SOC, ensuring effective monitoring, detection, and response to security incidents.
  - Develop and implement SOC processes and procedures to improve efficiency and effectiveness with increased focus on new capabilities and advanced threat detection.
- Incident Response:
  - Oversee the incident response process, ensuring rapid identification, containment, eradication, and recovery from security incidents.
  - Conduct post-incident reviews and implement lessons learned to enhance security measures.
  - Partner with IT and GRC teams to maintain readiness and incident response plans, including building playbooks and conducting simulations, to ensure preparedness across the organization.
- Vulnerability Management:
  - Lead the vulnerability management program, including vulnerability assessments, prioritization, and remediation strategies.
  - Collaborate with IT and development teams to ensure timely patching and vulnerability mitigation.
- Data Loss Prevention (DLP):
  - Oversee the DLP strategy, ensuring the protection of sensitive data across all platforms and preventing unauthorized access or data exfiltration.
  - Conduct regular audits and assessments to evaluate DLP effectiveness and compliance.
- Penetration Testing:
  - Manage and coordinate penetration testing initiatives, including external and internal assessments, to identify vulnerabilities and weaknesses.
  - Provide recommendations for remediation and security enhancements based on test results.
- Team Leadership:
  - Lead, build, mentor, and continuously develop a high-performing team of security professionals.
  - Foster a culture of continuous improvement and professional growth within the team.
  - Provide metrics to the CISO, CIO and senior leadership stakeholders on security posture, risks, incidents and lessons-learned actions.
- Collaboration and Communication:
  - Collaborate with the larger Global Technology departments and dispersed business units, ensuring alignment on security initiatives and policies.
  - Communicate effectively with technical and non-technical stakeholders (Executives, Venue Staff, HR), ensuring solutions align with their needs, and educate them on security posture, risk assessments, and incident responses.
- Strategy Development:
  - Collaborate with GRC and Information Security Program Management to aid the CISO’s strategic vision for the department.
  - Communicate effectively with executive leadership on security posture, risk assessments, and incident responses.
Required Qualifications
- BA/BS degree (4-year) in Information Technology, Computer Science, Cybersecurity or a related field; advanced degree (Master’s) preferred.
- 6-8 years of experience in cybersecurity, with at least 5 of those years in a senior leadership role.
- Proven experience managing a SOC and implementing vulnerability management, DLP, and penetration testing programs.
- Strong knowledge of cybersecurity technologies, MDR, EDR, SIEM (Sentinel/Splunk), SOAR, Vulnerability Management tools (Tenable, Qualys), and best practices.
- Deep experience with risk management, threat modeling, and vulnerability assessment.
- Excellent leadership and communication skills, with the ability to collaborate and communicate effectively with both technical and non-technical stakeholders.
- Experience managing multiple projects of diverse scope and effectively collaborating in a cross-functional team environment.
- Experience with regulatory standards (ISO 27001, NIST Cybersecurity Framework, PCI-DSS, SOX, GDPR, PII).
- Strong written and verbal communication skills with the ability to create and present highly complex and technical concepts and information risk to executive management and other non-technical audiences to aid them in making informed risk decisions.
- Conceptual understanding with deep and broad expertise over multiple security subject areas and significant applied experience.
- Diverse technical background in Security Operations and Risk Management combined with significant organizational and industry awareness and knowledge.
- Proficiency with Microsoft Office Suite (Outlook, Word, Excel, Office 365); and ability to learn all required business systems.
- Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI-DSS), and Personally Identifiable Information (PII).
- Strong project management and organizational skills with the ability to manage multiple projects simultaneously.
- Ability to combine strategic business and technical direction and translate concepts into actionable implementation plans.
- Ability to lead, mentor, and develop a high-performing cybersecurity team, fostering a collaborative and growth-oriented environment.
- Expertise in managing high-pressure, time-sensitive incidents and making quick, informed decisions under stress.
- In-depth knowledge of current and emerging cyber threats, with the ability to apply advanced detection methodologies to stay ahead of risks.
- Familiarity with cloud security frameworks, controls, and best practices for securing cloud environments (e.g., AWS, Azure, Google Cloud).
- Ability to implement and optimize security automation tools to enhance SOC efficiency and streamline response processes.
- Strong capability to manage organizational change in cybersecurity initiatives, ensuring smooth transitions in security policies, procedures, and technology deployments.
- Proven ability to work across departments (e.g., IT, legal, compliance) and with external partners (vendors, law enforcement) to drive security initiatives and incident response.
- Understanding of how cybersecurity integrates with overall business objectives and the ability to align security strategies with business goals.
- Competence in managing cybersecurity budgets, optimizing resource allocation, and justifying security investments to leadership.
- Commitment to staying updated on the latest industry trends, technologies, and regulatory changes, and the ability to adapt quickly to evolving challenges.
- CISSP - Certified Information Systems Security Professional highly desirable
- CISM - Certified Information Security Manager highly desirable
- Certified Emergency Management Specialist (CEMS) highly desirable
- Other equivalent certification highly desirable
Pay Scale: $230,000.00 - $285,000.00
AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside their normal description.