Job Specifications
We are seeking a strategic, pragmatic Chief Information Security Officer (CISO) to lead our information security program and corporate IT operations. This is a pivotal leadership role for a security executive who cares deeply about protecting users, data, and systems while enabling innovation, growth, and great employee and consumer experiences.
Reporting to the CTO, the CISO will partner closely with executive leadership, Engineering, Product, Legal, and Business teams to build a scalable, resilient security and IT organization. You’ll play a critical role in safeguarding a platform that serves millions of student-athletes, families, and fans nationwide, while supporting a growing, distributed workforce of 500+ employees.
The Outcomes You’ll Deliver
Build a Strong Security Foundation – Evolve and maintain governance, policies, and controls aligned with industry frameworks such as NIST CSF, ISO 27001, and CIS Controls, creating a durable and scalable security program.
Own Compliance & Trust - Lead SOC 2 Type II certification, maintain PCI DSS compliance, and implement COPPA-aligned privacy controls to protect student and consumer data.
Secure a Multi-Product Platform - Strengthen security across our integrated ecosystem (GoFan, NFHS Network, MaxPreps, PlayOn HQ), supporting 600K+ streaming events and 700K+ ticketing events annually.
Deliver Modern Corporate IT - Lead secure, reliable, and user-friendly IT operations that enable productivity for a distributed workforce, with a strong focus on identity, endpoint security, and employee experience.
Build and Scale Teams - Hire, develop, and lead high-performing security and IT teams across security engineering, operations, compliance, and corporate IT.
Manage Risk Proactively - Own the company’s cybersecurity risk posture by balancing protection with speed and business needs when identifying, prioritizing, and addressing threats.
Model Ethical Stewardship of Privileged Access - Treats privileged access with exceptional ethical judgment, using their authority responsibly and transparently, solely in service of legitimate security, compliance, and organizational trust.
In this role, you can expect to
Serve as PlayOn’s senior security leader and trusted advisor to the CTO and executive team on security, privacy, risk, and IT matters
Develop and execute an information security strategy aligned with business objectives, platform evolution, and regulatory requirements
Embed security into the SDLC through secure coding practices, architecture reviews, DevSecOps, and automated testing (SAST, DAST, SCA)
Design and evolve security operations capabilities, including detection, monitoring, incident response, and forensics
Lead executive response to major security incidents, including crisis coordination, communications, and post-incident improvements
Secure cloud infrastructure (AWS), applications (web, mobile, connected TV), APIs, and data across the platform ecosystem
Own corporate IT operations, including identity and access management, endpoint management, service desk, onboarding/offboarding, and collaboration tooling
Establish IT service management practices (ITSM) with clear SLAs and a strong focus on employee experience
Lead compliance efforts including SOC 2, PCI DSS, penetration testing, and third-party risk management
Define and track meaningful security and IT metrics, reporting regularly to executive leadership
Partner cross-functionally to balance security rigor with product velocity, innovation, and operational efficiency
Drive security awareness and foster a strong security culture across the organization
Stay ahead of emerging threats, technologies, and best practices to continuously improve PlayOn’s security posture
To thrive in this role, you have
12+ years of experience in information security, with deep expertise in cloud, application, and infrastructure security
5+ years in senior security leadership roles (CISO, VP, or Director), including building or scaling security programs
Experience leading corporate IT operations or working closely with IT leadership in modern, cloud-first environments
Proven success leading SOC 2 Type II, PCI DSS, or similar compliance initiatives in growth-stage technology companies
Strong background in AWS security, DevSecOps, automation, and modern security tooling
Hands-on familiarity with enterprise IT systems such as identity providers (e.g., Okta, Azure AD), MDM/UEM, ITSM platforms, and SaaS management
Excellent communication skills, with experience presenting to executive teams and Boards
A people-first leadership style, with a track record of building inclusive, high-performing teams
Experience with consumer platforms, student data privacy, payments, or streaming media is a plus
Strong business judgment, including budget ownership, vendor management, and third-party risk assessment
Education: BS in Computer Science, Information Security, or related field. Professional security certifications (CISSP, CISM,