Information Security Director

November 3, 2021

3STEP Sports is looking for an experienced and highly qualified Information Security Director. 3STEP is the largest youth sport event and club operator in the nation, providing brands with the ability to impact more athletes than ever in a unique and authentic way. The 3STEP reach spans 40+ states and currently serves more than 2.5 million athletes. We deliver a premier, inspiring and authentic experience – dedicated to perfecting every aspect of the athlete funnel. Encompassing industry-leading tournaments, nationally spanning club programs, premier media content and more, 3STEP is the standard of the youth sports experience.

The Information Security Director is responsible for establishing and maintaining the enterprise vision, strategy, architecture, and a multi-year roadmap that ensures that the company’s information assets are adequately protected. A key element of this role is communicating security at a strategic level to senior management and evangelizing security across the business to drive adoption of security best practices.

The Information Security Director will initially be an individual contributor but will have the opportunity to build and manage a small team of dedicated resources.

Duties & Responsibilities

For this role, the important attributes for the Information Security Director are:

· Develop and implement a strategic, long-term information security strategy and roadmap to ensure that 3Step’s information assets are adequately protected.

· Identify, evaluate and report on information security risks, practices and projects to the Information Security Committee and provide subject matter expertise on security standards and best practices (e.g. NIST, ISO SOX, PCI, etc.).

· Lead the development of up-to-date information security policies, procedures, standards and guidelines, and oversee their approval, dissemination, and maintenance.

· Act as the champion for the enterprise information security program and foster a security-aware culture.

· Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.

· Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.

· Manage regular intrusion detection and vulnerability reporting, internal and external IT audit groups reviews, and the coordination of all required fixes

· Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.

· Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.

· Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.

· Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third-party risk.

· Lead due diligence and post integration activities related to information security for all M&A activity.


· Bachelor’s Degree in computer science, engineering, or a related field

· Minimum 10 years of IT and/or business leadership experience, and 5+ years of information security/cybersecurity experience

· A natural influencer and coalition builder

· Excellent written and verbal communication, interpersonal and collaborative skills.

· Experienced with contract and vendor negotiations.

· Ability to effectively prioritize and execute tasks in high-pressure situations.

· Knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27002, NIST, and ITIL.

· Understanding of cloud, SaaS, and on-premise architectures, and their implications on information security strategy.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, age, disability, gender identity, marital or veteran status, or any other protected class.