Director of Cybersecurity

Who We Are:

Endeavor is a global sports and entertainment company, home to many of the world's most dynamic and engaging storytellers, brands, live events, and experiences. The Endeavor network specializes in talent representation through entertainment agency WME; sports operations and advisory, event management, media production and distribution, and brand licensing through IMG; live event experiences and hospitality through On Location; full-service marketing through global cultural marketing agency 160over90; and sports data and technology through IMG ARENA and OpenBet. Endeavor is also the majority owner of TKO Group Holdings (NYSE: TKO), a premium sports and entertainment company comprising UFC and WWE.

The Role and What You'll Do:

• Cybersecurity Strategy and Leadership: Develop and implement a comprehensive cybersecurity strategy. Provide leadership and direction for cybersecurity initiatives.
• System Security and Architecture Review: Evaluate and strengthen the security posture of our existing IT systems and infrastructure.
• Security Monitoring and Incident Response: Oversee the deployment and management of security monitoring tools (SIEM/SOAR). Lead incident response efforts, including the development of response protocols and playbooks.
• Vulnerability Management and Threat Hunting: Establish a proactive threat hunting and vulnerability management program to identify and mitigate potential security threats.
• Cybersecurity Training and Awareness: Develop and deliver cybersecurity awareness training programs for all staff levels.
• Security Compliance and Risk Management: Ensure security compliance with relevant cybersecurity laws, regulations, and best practices. Manage cybersecurity risks across the organization.
• Technology Evaluation and Implementation: Evaluate and implement new cybersecurity technologies and practices to enhance our security posture.
• Cybersecurity Exercises and Penetration Testing: Conduct Red/Blue team exercises, cyber-attack simulations, and disaster recovery preparedness to validate and improve security measures. Manage ongoing and automated penetration testing to assess the security of our systems.
• Software Development Security Management: Collaborate with DevOps teams to ensure the security of software development lifecycle, including dependency management, deployment processes, container scanning, and static code analysis, to maintain the integrity and security of software products.

• At least 10 years of experience in cybersecurity is expected. This experience should encompass various aspects of cybersecurity such as threat analysis, incident response, security architecture, and policy development.
• At least 3 years of this experience should be in a leadership role, managing cybersecurity teams and projects.
• Profound knowledge in security protocols, cryptography, authentication, authorization, and security.
• Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, SIER/SOAR, threat hunting, etc.
• Experience in handling security incidents, threat modeling, and threat intelligence.
• Proven ability in security risk assessment and in conducting security audits.
• Experience in developing and implementing comprehensive cybersecurity policies and procedures.
• Familiarity with cybersecurity regulations and standards (such as ISO 27001, NIST, GDPR, etc.).
• Proven track record in managing large-scale cybersecurity projects including budgeting and resource allocation for cybersecurity initiatives.
• Experience in collaborating with IT, legal, compliance, and business units to align cybersecurity strategies with organizational goals.

• Relevant cybersecurity certifications (CISSP, CISM, CEH, GCIH, OSCP, etc.) are highly desirable.
• Experience in developing and conducting cybersecurity training and awareness programs for diverse audiences.
• Prior experience in the entertainment and events sector, or related industries, can be beneficial given the unique cybersecurity challenges and requirements of these fields.