Senior Manager, IT Security and Compliance

Augusta Office, United States

The Senior Manager, IT Security and Compliance is responsible for development, implementation, maintenance, and enforcement of security policies, standards, and procedures to protect Augusta National's digital assets. This role leads the organization’s cybersecurity strategy, driving key initiatives to proactively identify, assess, and mitigate cyber risks. The Senior Manager ensures adherence to relevant regulations and industry best practices, in addition to managing security audits for key applications across the portfolio.

Essential Functions of the Job

  • IT Security Policy and Procedure Development: Develop, implement, and maintain comprehensive IT security policies, standards, and procedures to safeguard the confidentiality, integrity, and availability of organizational data and systems
  • Lead all cybersecurity initiatives to protect the organization from cyber threats, including threat detection, incident response, and security awareness training
  • Vulnerability Management: Oversee vulnerability assessments and penetration testing to identify system weaknesses. Ensure timely remediation of identified vulnerabilities. Organize and lead table-top exercises to discuss cybersecurity posture and preparedness with internal and external stakeholders
  • Implement and maintain Data Loss Prevention (DLP) policies, processes and technologies to ensure protection of the company’s assets
  • Security Assessments and Audits: Manage the planning, execution, and reporting of internal and external security audits. Coordinate with auditors to facilitate the audit process and address audit findings
  • Risk Management: Identify, assess, and evaluate IT-related risks. Develop and implement risk mitigation strategies and monitor their effectiveness
  • Application Security: Manage application security practices, including secure software development lifecycle (SDLC) processes, security testing, and vulnerability remediation
  • Regulatory Compliance: Ensure the organization's IT operations comply with applicable laws, regulations, and industry standards, including but not limited to PCI DSS, GDPR, CCPA, and other relevant regulations
  • Incident Response: Develop, implement, and maintain an incident response plan to effectively address security breaches and minimize their impact on the organization
  • Team Management: Manage and mentor a team of security and compliance professionals, providing guidance, training, and performance management
  • Communication and Collaboration: Communicate security and compliance requirements to all levels of the organization. Collaborate with IT teams, legal counsel, internal audit, and business units to integrate security and compliance into business processes
  • Vendor Management: Ensure third-party vendors comply with the organization's security standards
  • Physical demands are outlined immediately below

Physical Demands

  • Acceptable level of hearing and vision to perform job duties
  • Occasionally required to walk and work with hands and arms, lift up to 25 pounds and/or drive a golf cart
  • Required to sit, sometimes for several hours at a time, and use their hands and fingers to operate a computer

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions

Other Duties and Responsibilities

  • Plan and assist with IT-related campus projects and preparations for the Masters Tournament
  • Build and monitor budgets related to security, controls and cybersecurity initiatives
  • Provide world-class customer service to all Augusta National staff, including executives and Club members as appropriate
  • Maintain the strict confidentiality of Augusta National Golf Club, its staff and membership, and all aspects of the business
  • Meet with users as required to discuss and re-visit department IT requirements and their impact on cybersecurity
  • Create and maintain a library of technical and procedural documentation, flowcharts, and drawings for cybersecurity training and reference
  • Perform other duties which are deemed by management to be an integral part of the job

Qualifications:

Skills/Knowledge/Attributes:

  • Excellent demonstrated knowledge of IT security principles, practices, and technologies, including cyber security
  • In-depth understanding of relevant regulations and industry standards (PCI DSS, HIPAA, GDPR, etc.)
  • Experience managing security audits and risk assessments
  • Excellent communication, interpersonal, and leadership skills
  • Ability to maintain an intense interest in cybersecurity and the challenges it presents to the organization
  • Excellent troubleshooting skills and the ability to stay focused on problems until they are resolved
  • Ability to build relationships and rapport with staff members from all levels of the organization
  • Ability to maintain composure and focus while working in a high-pressure environment
  • Ability to prioritize tasks and workload in an ever-changing, fast-paced environment
  • Strong self-motivation and willingness to always improve
  • Experience with MS Office suite, Outlook, Windows 10, and Windows Server operating systems
  • Experience with Active Directory and Windows account management tools

Relevant Experience/Education:

  • Bachelor’s degree in Information Technology, Computer Science, Information Security or a related field
  • Minimum two years of supervisory experience preferred
  • 5 plus years of experience working in Information Technology with a focus on IT Security and Cybersecurity
  • Certified Information Systems Security Professional (CISSP) is preferred

Required License(s):

  • Possess a valid driver’s license and/or successfully complete the Club’s internal motor vehicle training program

Projected Work Schedule:

Normal work hours are 8:30 am to 5:00 pm, Monday through Friday. Must be available to work nights, weekends, and holidays

Tags: Active Directory Application security Audits CCPA CISSP Compliance Computer Science Driver’s license GDPR HIPAA Incident response PCI DSS Pentesting Risk assessment Risk management SDLC Security assessment Strategy Threat detection Vendor management Vulnerabilities Vulnerability management Windows

Region: North America
Country: United States
