Full Time Job

Manager, Cyber Security


New York, NY 04-30-2024
Apply @ Employer
  • Paid
  • Full Time
  • Mid (2-5 years) Experience
Job Description
Who We Are:

Endeavor is a global sports and entertainment company, home to many of the world's most dynamic and engaging storytellers, brands, live events, and experiences. The Endeavor network specializes in talent representation through entertainment agency WME; sports operations and advisory, event management, media production and distribution, and brand licensing through IMG; live event experiences and hospitality through On Location; full-service marketing through global cultural marketing agency 160over90; and sports data and technology through IMG ARENA and OpenBet. Endeavor is also the majority owner of TKO Group Holdings (NYSE: TKO), a premium sports and entertainment company comprising UFC and WWE.

The Manager, Security Program Operations is responsible for Security Program Financial, Procurement, KPI, Strategy Articulation, and Project Life-Cycle/Status Tracking. Successful candidates will have experience with budgeting, procurement via Purchase Orders, tracking financial actuals, forecasting, maintaining, and collecting KPIs from security functions/teams, light schedule orchestration, strategy presentations, and light project management or portfolio management.

The right candidate will have experience with security program operation functions including budgeting and financial tracking, articulating program roadmaps, supporting risk management via a structured risk register, and leading the collaboration on presentations for senior IT leadership, cross-functional steering committees, and company executive leadership. You are familiar with security/program governance and have a history of working with technical and non-technical business leaders with a mindset that articulates relevant value. You have a consultant approach to working with partners across functions to support the security mission of an exciting, maturing global program.

Who You Are
• You have 3+ years of experience in managing IT programs supporting financial operations, articulating KPIs, and supporting the creation of executive presentations and status reports.
• You have some experience with IT cybersecurity functions that support data security, compliance, and privacy programs or relevant technology/risk management experience.
• You have experience or familiarity for regulatory and other security compliance related to data confidentiality, integrity, and system availability, including frameworks such as ISO 27001, NIST, PCI, and SOC, and have practical understanding and experience with Sarbanes-Oxley (SOX) General Computing Controls, CCPA, GDPR, and/or HIPPA.
• Experience with project governance and awareness of life-cycle management.
• You are results-oriented, capable of defining an approach, developing consensus, committing to a direction, and driving operations to completion.
• You have a demonstrated ability to manage challenging situations in a fast-paced environment while developing and sustaining cooperative and constructive working relationships.
• You communicate and collaborate effectively, with impact, across all levels and manage relationships across different business and functional areas.
• You have a bachelor's degree or equivalent professional experience.
• Cursory knowledge of Cybersecurity concepts and mitigation practices, such as Advanced Persistent Threat (APT), Credential and Session Theft, Zero Trust, Bring Your Own Device (BYOD), Privileged Access Management, MS Just-in-time Administration, etc.
• PMP or similar certification preferred. IT Certifications are welcome.

What You'll Do
• Help Strategize Cybersecurity Initiatives: Lead the articulation and presentation of strategic cybersecurity initiatives, showcasing how they align with business objectives to ensure the security architecture supports the organization's overall strategy. Work with Security Leadership team to regularly update the cybersecurity roadmap and other artifacts to reflect evolving threats and technological advancements.
• Drive Security Awareness and Training Programs: Manage the training calendar and metrics for security awareness programs for all employees, contractors, including curriculum for special roles such as developers and incident handlers. Support human-led training through the cultivation and development of presentations and other materials and facilitate training session logistics.
• Collect and Report Metrics for Incident Response Planning and Execution: Ensure the readiness of the incident response team by regularly reviewing and updating incident response plans. Coordinate simulations and drills to enhance the organization's preparedness for cyber incidents.
• Manage Security Vendors and Procurement to Reconciliation (actuals): Ensure timely and efficient solution procurement, renewals, and management of the security supply-chain. Reforcast based on actuals. Support annual budgeting through cost modeling license count against existing contracts.
• Enhance Security Metrics and Reporting: Develop and refine security metrics and reporting frameworks to provide actionable insights. Regularly prepare reports on these metrics for technical and senior management, highlighting the effectiveness of security measures and identifying areas for improvement. Create, collect, maintain, and update expressive, monthly, dashboard slides to show KPIs, trends, and key observations for internal IT and external stakeholders, including quarterly executive briefings.
• Optimize Vendor Risk Management: Conduct thorough security assessments of third-party vendors and partners.
• Contribute to Regulatory Compliance Efforts: Lead efforts to prepare for security audits, conduct internal security control checks, and address any identified gaps in metrics and reporting.
• Foster Inter-Departmental Collaboration: Serve as the cybersecurity liaison to other departments, ensuring that security considerations are integrated into technological development, business processes, and project management practices.
• Champion Continuous Improvement: Implement a continuous improvement process for the security program, regularly reviewing and optimizing security policies, procedures, and controls based on feedback and changing security landscape. Coordinate across the Cybersecurity department to establish and report processes on Goals using Objectives, and Key Results (OKR) framework.
• Foster collaboration by working across Endeavor's Business Units and Fucntional Areas: Support the meeting logistics of the Data Governance and Information Security Working Group and other cross-functional teams, as needed.
• Sustain and support the IT Risk Management program: Leverage Governance Risk and Compliance tools and process to drive the documentation, ownership, and resolutions of risks across the organization.

Endeavor unites and brings people together in our love of sport, culture, and entertainment. We understand this can only be accomplished when we lead with a lens of diversity, equity, and inclusion in everything we do. As a global company that drives culture, we strive to reflect the world's diverse voices.  

Endeavor is an equal opportunities employer and encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, or religion or belief.

Per local requirements and in the interest of transparency, the range shown below reflects the prevalent current hiring range for this position.


Jobcode: Reference SBJ-r0xk18-44-223-39-67-42 in your application.

Salary Details
Salary Range: $120,000 to $160,000 Per Year ($ USD)
Company Profile

Endeavor is a global entertainment, sports and content company, home to the world’s most dynamic and engaging storytellers, brands, live events and experiences. The company is comprised of industry leaders including entertainment agency William Morris Endeavor (WME); sports, fashion, events and media company IMG; and premier mixed martial arts organization UFC. The Endeavor network specializes in talent representation; marketing and licensing; content development, distribution and sales; event management; and a number of direct-to-consumer offerings.