This job has expired, please see additional jobs below
IT Security Analyst Risk & Compliance
AEG
Los Angeles, CA, United States
AEG is the world’s leading sports and live entertainment company with operations in the following business segments:
• AEG Facilities, which with its affiliates owns, manages or consults with more than 120 venues
• AEG Presents, which is one of the largest live music companies in the world dedicated to live contemporary music performances, including producing and promoting global and regional concert tours, music events and world-renowned festivals
• AEG Sports, which is the world’s largest operator of sports franchises and high-profile sporting events
• AEG Global Partnerships, which supports each of AEG’s divisions through worldwide sales and servicing of sponsorships including naming rights, premium seating and other strategic partnerships
• AEG Real Estate, which develops major sports and entertainment districts worldwide
With offices on five continents, the company uses its global network of venues, portfolio of powerful sports and music brands, ticketing and content distribution platforms and its integrated entertainment districts to deliver the most creative and innovative live sports and entertainment experiences that inspire athletes, teams, artists and fans.
As part of a cross-functional Information Security & Compliance team, the IT Security Analyst (Risk & Compliance) is responsible for conducting risk assessments, security audits, and operating the overall Digital Services compliance program. This Analyst delivers qualitative and quantitative analysis of the risk assessments and audits to feed the overall Digital Services risk management program while managing multiple projects and maintaining technical currency with emerging security technology. This role works with the Director IT Security – Risk & Compliance and applicable business units to prioritize risk and determine the best course of action for risk mitigation. The IT Security Analyst (Risk & Compliance) develops and maintains security policies and procedures, as well as the education and awareness program.
• Document and execute the internal risk analysis process and 3rd party risk process for business partners, affiliates, and subsidiaries, and recommend appropriate mitigation to ensure protection of corporate information assets.
• Operate the internal and external security regulatory compliance framework and audit processes (e.g., PCI, HIPAA, GDPR, GLBA) and provide metrics to management on a regular basis.
• Support the PCI DSS compliance program by reviewing evidence of compliance, driving necessary system and process improvements and ensuring the completion of the annual compliance reports.
• Assist in building and maintaining the compliance frameworks in the GRC tool and provide regular reports to management.
• Develop and maintain a comprehensive education and awareness program.
• Partner with internal and external designers, engineers and management to ensure AEG develops and analyzes threat models and develops security requirements for applications, data, infrastructure, and cloud services.
• Review contracts to ensure appropriate data safeguards are included.
• Collaborate with peers across the organization to share solutions and best practices
• Work with Information Security management to develop and maintain security policies, practices and standards.
• Maintain technical currency and continuously leverage opportunities to strengthen skills and broaden expertise.
Required Qualifications:
• A minimum education level of: BA/BS Degree (4-year) in Information Technology, CS/Engineering, Economics, or Business
• A minimum of 2-4 years of related work experience
• Experience with PCI compliance and related process and operations
• Experience in developing and maintaining information security policy, standards and guidelines
• Strong written and verbal communication skills with the ability to create and present technical and risk recommendations to business leaders as well as influence and persuade others
• Conceptual understanding with deep and broad knowledge over multiple security subject areas and applied experience
• Experience with security industry standards (ISO 27001, NIST Cybersecurity Framework)
• Diverse technical background in Security and Risk Management combined with significant organizational and security industry awareness and knowledge
• Experience managing multiple projects of diverse scope and effectively collaborating in a cross-functional team environment
• Project management experience (planning, organizing, coordinating consulting resources)
• Ability to communicate (written and verbally) highly complex and technical concepts and information risk to a non-technical business audience to aid them in making informed risk decisions.
• Must have experience managing compliance efforts and experience with business risk management with the ability to communicate the balance between strong security and enabling business.
Preferred Qualifications:
• Knowledge of all PCI DSS requirements and experience supporting a Level 1 or Level 2 PCI DSS compliance effort.
• IT security certifications (CISSP, CISM, CISA, GIAC, CEH or similar)
AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside his/her normal description.