Company Information
For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.

Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.

If you want to be challenged to up your game and make a difference, then join us in giving the world reason to cheer!

Job Summary

The GRC Lead drives the execution and continuous improvement of AEG's Governance, Risk, and Compliance program, with broad ownership across enterprise risk management, third-party risk management, compliance, and information security governance. They will contributor partner with IT, Legal, Privacy, Finance, and business leaders to translate risk into actionable insights, strengthen risk visibility, and improve program effectiveness. The role operates with a high degree of autonomy, leads complex cross-functional initiatives, and is accountable for advancing GRC program maturity and driving timely, measurable outcomes.

Essential Functions

• Enterprise Risk Management (ERM):
  • Own and continuously enhance the enterprise risk management framework, including risk taxonomy, scoring methodology, and governance processes 
  • Lead enterprise-wide risk identification and assessment workshops with senior stakeholders across business and technology functions 
  • Drive risk quantification and scenario analysis to support risk-informed business decisions 
  • Own the enterprise risk register, ensuring accuracy, completeness, and executive-level relevance 
  • Identify gaps in current risk processes and implement scalable improvements to advance program maturity
• Risk Reporting & Governance:
  • Design and deliver executive-level risk reporting, dashboards, and Key Risk Indicators (KRIs) that drive decision-making
  • Lead preparation of materials for Risk Committees and senior leadership forums
  • Establish and enforce governance processes for risk acceptance, escalation, and tracking
  • Ensure audit-ready documentation of risk decisions, control effectiveness, and program outputs
  • Continuously improve reporting quality, automation, and visibility of enterprise risk
• Compliance & Assurance:
  • Lead compliance assessments across frameworks (e.g., NIST CSF, ISO 27001, PCI-DSS, SOC), ensuring alignment with business and regulatory requirements 
  • Own coordination of internal and external audits, including stakeholder alignment and evidence management 
  • Drive remediation efforts to closure, ensuring accountability and measurable reduction of control gaps
  • Own and continuously improve policy, standards, and procedure frameworks
  • Evaluate control effectiveness and recommend enhancements to strengthen the control environment
• Third-Party Risk Management (TPRM):
  • Own and mature the third-party risk lifecycle, including intake, risk tiering, due diligence, and ongoing monitoring
  • Partner with Legal, Procurement, and business stakeholders to assess vendor risk and define appropriate controls
  • Establish and enforce risk-based due diligence standards and assessment methodologies
  • Track and report on third-party risk posture, including remediation and risk acceptance decisions
  • Identify opportunities to streamline and scale the TPRM process
• Information Security Governance:
  • Provide risk advisory for new systems, technologies, and business initiatives, ensuring alignment with security and compliance requirements
  • Drive control design and documentation in partnership with security and engineering teams
  • Ensure governance processes evolve in line with regulatory requirements and business changes
  • Influence stakeholders to adopt risk-informed practices and control improvements
• Program Enablement & Leadership:
• Lead cross-functional initiatives to improve risk awareness, engagement, and adoption across the organization
• Develop and deliver playbooks, training, and guidance to enhance risk literacy
• Mentor and guide junior team members, fostering capability development and consistency
• Identify and implement process improvements across the GRC program to increase efficiency and effectiveness
• Serve as a trusted advisor to stakeholders on risk prioritization and trade-off decisions

Required Qualifications

• BA/BS Degree (4-year) in Information Security, Computer Science, Business, Risk Management, or related field; or equivalent related work experience
• 6-8 years experience in GRC, ERM, or risk/compliance roles
• Demonstrated ownership of risk programs or major program components (ERM, TPRM, or compliance)
• Experience working in enterprise environments with cross-functional stakeholders
• Deep understanding of ERM concepts (risk appetite, inherent/residual risk, KRIs, scenario analysis)
• Strong experience with regulatory and security frameworks (NIST, ISO 27001, PCI-DSS, SOC, GDPR/CPRA)
• Ability to operate effectively in ambiguous environments and drive initiatives from concept through execution
• Ability to translate technical and risk concepts into business decisions
• Experience building executive-level reporting and dashboards
• Proficiency with GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, LogicGate)
• Strong facilitation, stakeholder management, and influencing skills
• CISSP, CISM, CRISC, or CISA highly preferred
• ISO 27001 Lead Auditor or equivalent preferred but not required

Pay Scale: $135,000.00 - $150,000.00

Bonus: This position is eligible for a bonus under the current bonus plan requirements.

Benefits: Full-time: We offer a comprehensive benefits package that includes: medical, dental and vision insurance, paid holidays, vacation and sick time, company paid basic life insurance, voluntary life insurance, parental leave, 401k Plan (with a current employer match of 3%), flexible spending and health savings account options, and wellness offerings.

AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship.  AEG may require an employee to perform duties outside their normal description.

AEG's policy is to hire the most qualified applicants, and we comply with all applicable federal, state and local employment laws in making hiring and employee decisions.  We are an equal opportunity employer and do not discriminate against applicants or employees on the basis of race, color, marital status, disability, religion, age, sex, sexual orientation, national origin, genetic information, veteran status, or any other legally protected status recognized by applicable federal, state or local law.

Employer does not offer work visa sponsorship for this position.

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint. 

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace,” by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.”  SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

About the Role

SecurityScorecard's Solutions Architects team are trusted security advisors and business partners both internally and to prospective clients, offering deep knowledge about the market and our solution. We are intellectually curious, find great reward in delivering valuable solutions to customers, and are passionate about cybersecurity.

We are looking for an experienced and dynamic Solutions Architecture to work with our Sales teams across the US. The candidate will own the pre-sales technical engagement with our customers. The ideal candidate will have a strong technical background, exceptional verbal skills and be a strong cross functional collaborator.

Success in this role requires security and technical acumen to develop a deep understanding of SecurityScorecard's architecture and services and a consultative approach to understanding customer business needs. You'll leverage your strategic communication skills to engage in technical and business discussions with engineers and senior decision makers alike, translating customer needs into technical requirements and conveying the merit of SecurityScorecard's solutions throughout.  

NOTE:  It is a requirement that this role is in the Pacific or Mountain time zones.

Key Responsibilities

• Collaborate with the Sales team to identify technical requirements and develop customized solutions that address complex client needs, while driving revenue growth and customer satisfaction
• Delivery of compelling technical presentations, product demonstrations and Proof of Value projects for prospective clients
• Support SecurityScorecard at Industry events and C level round table events
• Work closely with Product Management and Engineering to provide market feedback and influence product roadmap based on customer needs and competitive landscape
• Proven track record of gathering detailed success metrics for customer PoV’s, including tracking and reporting
• Awareness and enforcement of MEDDPICC best practices in sales cycles
• Become a subject matter expert on cyber first Supply Chain services.
• Ability to engage with all different types of personalities and working styles across the team
• Build and foster strong relationships with other business teams, such as Marketing, Support and Customer Success
• Not afraid to be a champion for your prospects, advocating for their needs.

Skills and Experience

• 5+ years of relevant work experience (cybersecurity, TPRM, GRC, and/or similar)
• Demonstrated presentation and interpersonal skills; communicate in front of large groups with a mixed audience of technical and non-technical 
• Experience working with enterprise level clients and managing complex sales cycles
• Demonstrated ability to manage complex technical projects, demonstrate clear business value and lead technical strategy in sales engagements
• Bachelor Degree in Computer Science or equivalent work experience
• Sales experience NOT REQUIRED, but experience of selling technical SaaS and/or managed service solutions a plus
• Industry Certifications such as CEH, CISSP, CompTIA Security+ CISA  GCIH etc a plus

Traits

• Highly motivated self starter who works well cross functionally
• Intellectually curious; seeks to continually self-educate and evolve domain specific knowledge 
• Willing to travel on day and overnight trips throughout the US

Benefits:

Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!

The estimated total compensation range for this position is $100,000 - $195,000 (base plus bonus). Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits. 

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law. 

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law. 

SecurityScorecard does not accept unsolicited resumes from employment agencies.  Please note that we do not provide immigration sponsorship for this position.   #LI-DNI