Senior Director, Governance, Risk & Compliance

New York, New York


Tickets.com, an MLB company, delivers innovative, cutting-edge technologies to enable frictionless and unforgettable fan experiences in venues across the globe. Together with MLB, Tickets.com is changing the landscape of the live sports and entertainment industry, delivering new digital venue and ticketing experiences to millions of fans. Our Technology team builds platforms and products that provide a new smart ticketing solution and venue experience. Using cutting-edge technology, our platform and applications are consumed by fans, stadiums, and MLB teams.

We are assembling a world-class team to build on these experiences and to scale platforms and products that anticipate emerging opportunities, including dynamic pricing and offers and digital, contactless ticketing. Our mission is to provide premium, innovative live experiences for our clients and their patrons.

Tickets.com is looking for a Sr. Director, Governance, Risk, & Compliance, passionate about safeguarding the league's integrity and the trust of our fans! The Senior Director of Governance, Risk, and Compliance (GRC) will strategically lead and align GRC efforts with business objectives and regulatory requirements, overseeing policies, procedures, and controls to ensure compliance and manage enterprise risk. This role involves conducting audits for continuous improvement, collaborating with stakeholders across the organization, and promoting a culture of security-conscious decision-making across Major League Baseball and associated organizations.

Responsibilities

  • Corporate Governance: Implement a practical GRC framework aligned with business objectives and regulatory requirements, seamlessly integrating GRC processes and setting executive-level controls.
  • Compliance Management: Uphold internal governance policies, procedures, and standards to ensure adherence to regulations and surpass industry benchmarks.
  • Policy Management: Continuously update governance policies and procedures, communicate effectively with stakeholders, and partner with peers to develop new standards as required.
  • Design and implement a comprehensive Enterprise Risk Management (ERM) program, including risk identification, assessment, mitigation, and monitoring strategies.
  • Conduct regular risk assessments, including PCI-DSS targeted risk analyses (TRAs), and develop comprehensive risk management plans for various business units and projects.
  • Ensure readiness for business operations continuity and disaster recovery in case of disruptions.
  • Implement and maintain a robust data classification framework to protect sensitive and confidential information.
  • Internal Audits: Conduct security audits and assessments focused on Data Privacy, PCI-DSS, and SOC standards to evaluate and improve security controls and processes.
  • Regulatory Compliance: Maintain compliance with data privacy laws, including GDPR, CCPA, and other relevant regulations. Adapt GRC strategies in response to regulatory changes.
  • Vendor Risk Management (VRM): Oversee the VRM program, including risk reviews, contract management, and ongoing monitoring to manage risks associated with third-party vendors and suppliers.
  • Awareness Campaigns: Increase organizational awareness of GRC principles and aid in creating internal training programs to improve employee knowledge.
  • Participate in an on-call rotation to respond to escalated security incidents.
  • Lead and mentor a small GRC team, fostering a culture of excellence and continuous improvement.
  • Report on the status of GRC initiatives and key risk indicators to executive management, clearly communicating complex GRC concepts and emerging risks.
  • Collaborate with stakeholders to embed GRC considerations into business strategy and operations.
  • Ensure effective communication and coordination of GRC activities with internal and external stakeholders, including Product, Legal, IT, Finance, and HR, to execute aligned GRC objectives.

Qualifications

  • Completed a Master's or Bachelor's degree in Information Technology, Information Security, Cybersecurity, Computer Science, or a related field.
  • Relevant certifications such as CISA, CGRC, CRISC, or similar are highly desirable.
  • 8+ years of experience in governance, risk management, and compliance (focus on data privacy and protection preferred).
  • Strong understanding of PCI v4.0.1 standards, global data privacy laws and regulations (e.g., GDPR, CCPA), IT control frameworks (e.g., NIST CSF, ISO 27001), and risk assessment methodologies.
  • Strong attention to detail and a commitment to maintaining high standards and ethics.
  • Ability to work independently and manage multiple projects effectively.
  • Strong leadership and team management abilities.
  • Excellent written and verbal communication skills.
  • Exceptional analytical and problem-solving skills.
  • Proficiency in using GRC and risk management tools and software.

Salary Range $190,000-$260,000.

As a candidate for this position, your salary and related aspects of compensation will be contingent upon your work experience, education, skills, and any other factors MLB considers relevant to the hiring decision. In addition to your salary, MLB believes in providing a competitive compensation and benefits package for its employees.

We offer an Outstanding Benefits Package that includes:

  • Medical
  • Dental
  • Vision
  • STD & LTD
  • 401K Retirement Plan
  • Basic Life & AD&D
  • Supplemental Life Insurance
  • Paid Time Off (PTO, STO, Holidays including Year-End Holiday Break)
  • HSA & FSA
  • Legal Plan
  • Pet Insurance
  • Tuition Reimbursement
  • MLB Tickets

Tickets.com is an Equal Opportunity Employer.

Please click here to view our CCPA

 

 

 

 


Tags: Audits CCPA CGRC CISA Compliance Computer Science CRISC Finance GDPR Governance ISO 27001 Monitoring NIST Privacy Risk assessment Risk management SOC Strategy

Perks/benefits: 401(k) matching Competitive pay Health care

Region: North America
Country: United States
