
GRC Lead

Company Information

For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.

Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.

If you want to be challenged to up your game and make a difference, then join us in giving the world reason to cheer!

Job Summary

The GRC Lead drives the execution and continuous improvement of AEG's Governance, Risk, and Compliance program, with broad ownership across enterprise risk management, third-party risk management, compliance, and information security governance. They partner with IT, Legal, Privacy, Finance, and business leaders to translate risk into actionable insights, strengthen risk visibility, and improve program effectiveness.
The role operates with a high degree of autonomy, leads complex cross-functional initiatives, and is accountable for advancing GRC program maturity and driving timely, measurable outcomes.

Essential Functions

Enterprise Risk Management (ERM):
- Own and continuously enhance the enterprise risk management framework, including risk taxonomy, scoring methodology, and governance processes
- Lead enterprise-wide risk identification and assessment workshops with senior stakeholders across business and technology functions
- Drive risk quantification and scenario analysis to support risk-informed business decisions
- Own the enterprise risk register, ensuring accuracy, completeness, and executive-level relevance
- Identify gaps in current risk processes and implement scalable improvements to advance program maturity

Risk Reporting & Governance:
- Design and deliver executive-level risk reporting, dashboards, and Key Risk Indicators (KRIs) that drive decision-making
- Lead preparation of materials for Risk Committees and senior leadership forums
- Establish and enforce governance processes for risk acceptance, escalation, and tracking
- Ensure audit-ready documentation of risk decisions, control effectiveness, and program outputs
- Continuously improve reporting quality, automation, and visibility of enterprise risk

Compliance & Assurance:
- Lead compliance assessments across frameworks (e.g., NIST CSF, ISO 27001, PCI-DSS, SOC), ensuring alignment with business and regulatory requirements
- Own coordination of internal and external audits, including stakeholder alignment and evidence management
- Drive remediation efforts to closure, ensuring accountability and measurable reduction of control gaps
- Own and continuously improve policy, standards, and procedure frameworks
- Evaluate control effectiveness and recommend enhancements to strengthen the control environment

Third-Party Risk Management (TPRM):
- Own and mature the third-party risk lifecycle, including intake, risk tiering, due diligence, and ongoing monitoring
- Partner with Legal, Procurement, and business stakeholders to assess vendor risk and define appropriate controls
- Establish and enforce risk-based due diligence standards and assessment methodologies
- Track and report on third-party risk posture, including remediation and risk acceptance decisions
- Identify opportunities to streamline and scale the TPRM process

Information Security Governance:
- Provide risk advisory for new systems, technologies, and business initiatives, ensuring alignment with security and compliance requirements
- Drive control design and documentation in partnership with security and engineering teams
- Ensure governance processes evolve in line with regulatory requirements and business changes
- Influence stakeholders to adopt risk-informed practices and control improvements

Program Enablement & Leadership:
- Lead cross-functional initiatives to improve risk awareness, engagement, and adoption across the organization
- Develop and deliver playbooks, training, and guidance to enhance risk literacy
- Mentor and guide junior team members, fostering capability development and consistency
- Identify and implement process improvements across the GRC program to increase efficiency and effectiveness
- Serve as a trusted advisor to stakeholders on risk prioritization and trade-off decisions

Required Qualifications
- BA/BS Degree (4-year) in Information Security, Computer Science, Business, Risk Management, or related field; or equivalent related work experience
- 6-8 years of experience in GRC, ERM, or risk/compliance roles
- Demonstrated ownership of risk programs or major program components (ERM, TPRM, or compliance)
- Experience working in enterprise environments with cross-functional stakeholders
- Deep understanding of ERM concepts (risk appetite, inherent/residual risk, KRIs, scenario analysis)
- Strong experience with regulatory and security frameworks (NIST, ISO 27001, PCI-DSS, SOC, GDPR/CPRA)
- Ability to operate effectively in ambiguous environments and drive initiatives from concept through execution
- Ability to translate technical and risk concepts into business decisions
- Experience building executive-level reporting and dashboards
- Proficiency with GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, LogicGate)
- Strong facilitation, stakeholder management, and influencing skills
- CISSP, CISM, CRISC, or CISA highly preferred
- ISO 27001 Lead Auditor or equivalent preferred but not required

Pay Scale: $135,000.00 - $150,000.00

Bonus: This position is eligible for a bonus under the current bonus plan requirements.

Benefits: Full-time: We offer a comprehensive benefits package that includes medical, dental and vision insurance, paid holidays, vacation and sick time, company paid basic life insurance, voluntary life insurance, parental leave, 401k Plan (with a current employer match of 3%), flexible spending and health savings account options, and wellness offerings.