NCAA · 2 days ago
Associate Director of Information Security, Cybersecurity and Risk
Indianapolis, IN
Full-time
Hybrid
Lead/Staff, Director/Executive
5+ years expThe NCAA is dedicated to safeguarding collegiate athletics' digital assets and ensuring the integrity of information systems. The Associate Director of Information Security is responsible for developing and implementing the NCAA Information Security Program, conducting risk assessments, and ensuring compliance with regulatory requirements.
Responsibilities
Developing and implementing an overall information security program to enable and monitor appropriate controls to mitigate threats and risk to the NCAA's information
Conducting risk assessments and defining mitigation measures
Create, implement, and maintain security policies, standards, and procedures
Ensuring the organization is in compliance with the regulatory requirements related to information security (e.g., GDPR, HIPAA, ISO 27001)
Assisting the NCAA's legal affairs department in ensuring the NCAA is in compliance with regulatory requirements related to data privacy
Maintaining relationships with local, state and federal law enforcement and other related government agencies, as needed, to collaborate on information security initiatives
Overseeing incident response planning as well as the investigation of security breaches and assisting with disciplinary and legal matters associated with such breaches
Implementing and facilitating regular staff training sessions on information security awareness and procedures
Managing day-to-day information security operations
Conduct regular audits and risk assessments
Identify potential security risks and vulnerabilities
Keeping up to date with the risk environment and mitigation strategies for consideration in protecting NCAA information
Educate employees on security best practices and lead Cybersecurity annual training efforts
Conduct phishing simulations and awareness campaigns
Lead NCAA vendor and third-party risk management by assessing the security posture of vendors and partners and ensuring all contractual agreements include appropriate security requirements
Oversee PCI Compliance of the NCAA
Oversee the Record Retention and Destruction policy of the NCAA
Oversee the annual Penetration and Vulnerability Testing of the NCAA network
Maintain and oversee the NCAA IT Disaster Recovery Program and Business Continuity Program
Qualification
Required
Bachelors degree in computer science, information security, or related field required
Minimum of five years of information systems and security experience
Four years information security management experience preferred
CISM or CISSP current certification; preferably both
Demonstrated experience in risk analysis, incident response, business continuity, disaster recovery, vendor management, regulatory compliance
Knowledge and experience working with application development, technology solutions select, acquisition, implementation and support, system administration, network operations, technical security, and business process
Broad knowledge in computer information and networking systems
Ability to evaluate current and emerging technology trends to formulate enterprise recommendations
Advanced skills and knowledge in systems which affect the design and implementation of enterprise programs and or processes
Understanding cloud infrastructure and application architectures, topologies, practices and technologies
Estimated travel required: <10%
Preferred
Master's degree preferred
Minimum of five years of information systems and security experience and four years information security management experience preferred
Company
NCAA
NCAA is an organization that governs and organizes collegiate athletic programs and championships in the United States.
501-1000 employees
Funding
Current Stage
Late StageLeadership Team
Scott Bearby
Senior Vice President and Chief Legal Officer
Greg Pottorff
Vice President of Legal Affairs and General Counsel
Recent News
Sports Business Journal
2026-01-22
Company data provided by crunchbase