GRC Lead

Company Information
For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.

Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.

If you want to be challenged to up your game and make a difference, then join us in giving the world reason to cheer!

Job Summary

The GRC Lead drives the execution and continuous improvement of AEG's Governance, Risk, and Compliance program, with broad ownership across enterprise risk management, third-party risk management, compliance, and information security governance. They will contributor partner with IT, Legal, Privacy, Finance, and business leaders to translate risk into actionable insights, strengthen risk visibility, and improve program effectiveness. The role operates with a high degree of autonomy, leads complex cross-functional initiatives, and is accountable for advancing GRC program maturity and driving timely, measurable outcomes.

Essential Functions

• Enterprise Risk Management (ERM):
  • Own and continuously enhance the enterprise risk management framework, including risk taxonomy, scoring methodology, and governance processes 
  • Lead enterprise-wide risk identification and assessment workshops with senior stakeholders across business and technology functions 
  • Drive risk quantification and scenario analysis to support risk-informed business decisions 
  • Own the enterprise risk register, ensuring accuracy, completeness, and executive-level relevance 
  • Identify gaps in current risk processes and implement scalable improvements to advance program maturity
• Risk Reporting & Governance:
  • Design and deliver executive-level risk reporting, dashboards, and Key Risk Indicators (KRIs) that drive decision-making
  • Lead preparation of materials for Risk Committees and senior leadership forums
  • Establish and enforce governance processes for risk acceptance, escalation, and tracking
  • Ensure audit-ready documentation of risk decisions, control effectiveness, and program outputs
  • Continuously improve reporting quality, automation, and visibility of enterprise risk
• Compliance & Assurance:
  • Lead compliance assessments across frameworks (e.g., NIST CSF, ISO 27001, PCI-DSS, SOC), ensuring alignment with business and regulatory requirements 
  • Own coordination of internal and external audits, including stakeholder alignment and evidence management 
  • Drive remediation efforts to closure, ensuring accountability and measurable reduction of control gaps
  • Own and continuously improve policy, standards, and procedure frameworks
  • Evaluate control effectiveness and recommend enhancements to strengthen the control environment
• Third-Party Risk Management (TPRM):
  • Own and mature the third-party risk lifecycle, including intake, risk tiering, due diligence, and ongoing monitoring
  • Partner with Legal, Procurement, and business stakeholders to assess vendor risk and define appropriate controls
  • Establish and enforce risk-based due diligence standards and assessment methodologies
  • Track and report on third-party risk posture, including remediation and risk acceptance decisions
  • Identify opportunities to streamline and scale the TPRM process
• Information Security Governance:
  • Provide risk advisory for new systems, technologies, and business initiatives, ensuring alignment with security and compliance requirements
  • Drive control design and documentation in partnership with security and engineering teams
  • Ensure governance processes evolve in line with regulatory requirements and business changes
  • Influence stakeholders to adopt risk-informed practices and control improvements
• Program Enablement & Leadership:
• Lead cross-functional initiatives to improve risk awareness, engagement, and adoption across the organization
• Develop and deliver playbooks, training, and guidance to enhance risk literacy
• Mentor and guide junior team members, fostering capability development and consistency
• Identify and implement process improvements across the GRC program to increase efficiency and effectiveness
• Serve as a trusted advisor to stakeholders on risk prioritization and trade-off decisions

Required Qualifications

• BA/BS Degree (4-year) in Information Security, Computer Science, Business, Risk Management, or related field; or equivalent related work experience
• 6-8 years experience in GRC, ERM, or risk/compliance roles
• Demonstrated ownership of risk programs or major program components (ERM, TPRM, or compliance)
• Experience working in enterprise environments with cross-functional stakeholders
• Deep understanding of ERM concepts (risk appetite, inherent/residual risk, KRIs, scenario analysis)
• Strong experience with regulatory and security frameworks (NIST, ISO 27001, PCI-DSS, SOC, GDPR/CPRA)
• Ability to operate effectively in ambiguous environments and drive initiatives from concept through execution
• Ability to translate technical and risk concepts into business decisions
• Experience building executive-level reporting and dashboards
• Proficiency with GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, LogicGate)
• Strong facilitation, stakeholder management, and influencing skills
• CISSP, CISM, CRISC, or CISA highly preferred
• ISO 27001 Lead Auditor or equivalent preferred but not required

Pay Scale: $135,000.00 - $150,000.00

Bonus: This position is eligible for a bonus under the current bonus plan requirements.

Benefits: Full-time: We offer a comprehensive benefits package that includes: medical, dental and vision insurance, paid holidays, vacation and sick time, company paid basic life insurance, voluntary life insurance, parental leave, 401k Plan (with a current employer match of 3%), flexible spending and health savings account options, and wellness offerings.

AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship.  AEG may require an employee to perform duties outside their normal description.

AEG's policy is to hire the most qualified applicants, and we comply with all applicable federal, state and local employment laws in making hiring and employee decisions.  We are an equal opportunity employer and do not discriminate against applicants or employees on the basis of race, color, marital status, disability, religion, age, sex, sexual orientation, national origin, genetic information, veteran status, or any other legally protected status recognized by applicable federal, state or local law.

Employer does not offer work visa sponsorship for this position.