Chief Information Security Officer

New York, NY, United States

Overview

Major League Soccer is seeking a Chief Information Security Officer (CISO) to lead all aspects of its enterprise information security strategy. The CISO will manage and develop strategies that protect our physical and digital information assets, application and product portfolios, along with our infrastructure and computing environments. This role will collaborate with other leaders in the organization, including Technology, Legal and Finance to define standards, governance and the overall Information security and risk management posture for the enterprise.

Responsibilities for this role include defining and implementing security policies and frameworks, leading security incident response, guiding the information security team, ensuring the privacy and security of consumer data, and establishing compliance with relevant legislation such as PCI, GDPR, and CCRA. They will also be involved in the selection of 3rd party security vendors, designing security programs, assisting with architecture reviews, and leading the organization in identifying, developing, and improving processes to manage enterprise risks.

The successful candidate must have hands-on experience in information security technology, cloud and on-premises environments, digital marketing and CRM platforms, application security and code review, vulnerability testing, and leading enterprise level risk management programs. Previous experience delivering GDPR compliancy is preferred.

Responsibilities

Execute a comprehensive security strategy that aligns with company objectives, including identifying and prioritizing security risks, establishing security controls, and providing compliance with relevant regulations and standards.

Lead the implementation of robust data protection measures, including encryption, access control, and data classification to safeguard customer information from unauthorized access or breaches.

Secure engineering processes and the software development lifecycle by implementing security measures such as code review, vulnerability testing, security education, and establishing devsecops practices.

Protect the security of our customer data platform(s) and validate compliance with all security and data privacy requirements.

Establish and validate the organization's compliance with international data protection standards, such as GDPR and CCRA.

Manage and track security across a wide range of digital products, including custom-built and third-party solutions.

Collaborate with the MLS Legal department and our Clubs to provide alignment with all published data and privacy policies, while validating the referenced technology.

Establish, communicate, and enforce security policies, procedures, and guidelines throughout the organization across employees, contractors, and third-party vendors, and maintain compliance with to established security protocols.

Participate in the legal process of reviewing vendor contracts, identifying security and data-related risks as a CISO.

Assess and mitigate cybersecurity risks, proactively identify vulnerabilities, and implement appropriate controls.

Collaborate with cross-functional teams throughout the league to align security initiatives with our business objectives and legal requirements.

Lead cyber security incident response efforts across the organization, including establishing procedures, conducting investigations, implementing remediation, and managing post-incident reviews.

Produce and present comprehensive reporting on all aspects of our Information Security Program.

Stay up to date with the latest industry trends, emerging threats, and standard methodologies in information security.

Additional responsibilities as assigned.

Qualifications

A bachelor’s

12+ years’ experience in information security or risk management, with a resume that demonstrates progressive career development managing multifaceted projects while performing regular activities; prior CISO role required.

Formal industry certification such as CISSP, CISM, CISA, CGEIT, or CIPP required.

Qualifications & Experience

Demonstrated experience implementing both US domestic and international data regulatory compliance required.

Solid understanding of relevant regulations and standards, including GDPR, CCPA, and HIPAA with the ability to speak in-depth about these regulations and their implications for the organization.

Deep understanding of information security management frameworks, such as ISO 27001 and NIST with the ability to apply these frameworks to develop and maintain effective security programs.

Proven background in building and managing a comprehensive DevSecOps Program with the ability to integrate security practices into the software development lifecycle and collaborate with development and operations teams.

Advanced understanding of security/privacy frameworks and methodologies as it applies to governance of consumer data and related technology systems, such as identity management, customer data platforms, marketing technology, and digital experience.

Background in managing data in subscription-based services. Familiarity with the unique security challenges and compliance requirements associated with subscription models.

Strong leadership skills, with the ability to effectively communicate and collaborate with team members at all levels of the organization. Proven ability to inspire and motivate teams, drive security initiatives, and build consensus.

Exceptional written communication skills are necessary. The candidate will be asked to provide examples of their written work, demonstrating their ability to convey complex security concepts clearly and effectively.

High-level of commitment to a quality work product and organizational ethics, integrity and compliance

Ability to work effectively in a fast paced, collaborative environment

Good interpersonal skills and the ability to effectively communicate, both verbally and in writing

Demonstrated decision making and problem-solving skills

Proficiency in Microsoft Suite

Ability to travel and to work non-traditional hours, including evenings, weekends, and holidays

Total Rewards

Starting Base Salary: $200,000 – $275,000. MLS/SUM base salaries are contingent upon several factors including individual qualifications, market financials, and operational business needs.

We are committed to providing a Total Rewards package that attracts, supports, engages, and retains talent through the following:

Benefits – comprehensive and competitive medical, dental, and vision benefits, as well as a suite of programs to promote well-being including a $500 Wellness Reimbursement. A generous PTO offering, and hybrid Office/Remote Work Schedule are also offered to promote Work-Life balance!

Career & Professional Development – on the job training, feedback, and on-going educational opportunities to continue your personal and professional development.

Employee Engagement – office perks, discounts and employee events that go “beyond the traditional paycheck” to make you feel a part of our team and inspire you to elevate the Game!

We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.