• Developing and implementing an overall information security program to enable and monitor appropriate controls to mitigate threats and risk to the NCAA’s information.
• Conducting risk assessments and defining mitigation measures.
• Ensuring the organization is in compliance with the regulatory requirements related to information security.
• Assisting NCAA’s legal affairs department in ensuring the NCAA is in compliance with regulatory requirements related to data privacy.
• Maintaining relationships with local, state and federal law enforcement and other related government agencies, as needed, to collaborate on information security initiatives.
• Overseeing incident response planning as well as the investigation of security breaches and assisting with disciplinary and legal matters associated with such breaches.
• Implementing and facilitating regular staff training sessions on information security awareness and procedures.
• Reviewing, analyzing and delivering data on security incidents.
• Managing the day-to-day information security operations.
• Keeping up-to-date with the risk environment and mitigation strategies for consideration in protecting NCAA information.
• Oversee PCI Compliance of the NCAA.
• Oversee the Record Retention and Destruction policy of the NCAA.
• Oversee the annual Penetration and Vulnerability Testing of the NCAA network.
• Oversee the NCAA Business Continuity Program.
• Oversee the IT Disaster Recovery Program and testing.

Job Requirements:

• Bachelors degree in Computer Science, Information Security, or related field. Master’s degree preferred.
• Minimum of 5 years information systems and security experience and 4 years information security management experience preferred.
• CISM or CISSP current certification; preferably both.
• Demonstrated experience in the following areas: risk analysis, incident response, business continuity, disaster recovery, vendor management, regulatory compliance.
• Knowledge and experience working with: application development, technology solutions selection, acquisition, implementation and support, system administration, network operations, technical security, and business process,
• Broad knowledge in computer information and networking systems.
• Ability to evaluate current and emerging technology trends to formulate enterprise recommendations.
• Advanced skills and knowledge in systems which affect the design and implementation of enterprise programs and/or processes.
• Understanding of networking architectures, topologies, practices and technologies.

Job Competencies:

• Self-Management: Takes responsibility of one’s behavior, work, priorities, and time management accordingly. 
• Project Management: The discipline of planning, organizing, and managing resources to bring about the successful completion of a specific project. 
• Problem Solving: Identifies and analyzes problems; weighs relevance and accuracy of information; generates and evaluates alternative solutions; makes recommendations.  
• Strategic Agility: Sees ahead clearly, can anticipate future consequences and trends accurately, has broad knowledge and perspective, is future oriented, can articulately paint credible pictures and visions of possibilities and likelihoods, can create competitive and breakthrough strategies and plans.
• Critical Thinking: Ability to examine issues and ideas and to identify good and bad reasoning in a variety of fields with differing assumptions, contents, and methods. 

Reporting Line

The Associate Director of Information Security, Cybersecurity & Risk will report to the Director of Planning & Governance with dotted line to Director of Infrastructure and Operations.

Location & Travel

• Role will be based out of Indianapolis, IN (NCAA headquarters)
• Hybrid work schedule 3 days in office / 2 remote
• Less than 10% travel required

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.