About the Role
_________________
Position Summary:
As a Senior Manager in League Office Cyber Security department, he/she shall manage and operate enterprise security programs encompassing the following domains: Vulnerability Management, Cyber Threat Intelligence, AI Security, Cloud Security, Attack Surface Management, and Audit & Risk Management. This role requires a strong balance of strategic thinking and hands-on technical execution across cloud, on-premises, and emerging technology environments. Working closely with NBA League Office stakeholders, NBA teams, and senior leadership, you will identify risks, drive remediation efforts, and advance program maturity across the organization. The ideal candidate operates effectively as a program owner, and coordinating multi-stakeholder remediation efforts through collaboration and risk communication. You will translate complex technical risk into clear, actionable insights for technical, business, and executive audiences. This is a high-visibility role within a fast-paced, high-profile organization where your work directly shapes the NBA's cybersecurity posture.
Major Responsibilities
- Manage the enterprise vulnerability management program across cloud and on-premises environments, leveraging risk-based decision making to prioritize remediation efforts, coordinate stakeholders, and reduce organizational exposure.
- Design, implement, and operate AI security strategies and governance processes to ensure secure adoption of emerging AI technologies, identifying, assessing, and mitigating associated risks in alignment with organizational goals.
- Oversee the Cyber Threat Intelligence program, leveraging intelligence collection and analysis to identify and prioritize emerging risks, deliver actionable intelligence, and communicate threat assessments to technical, business, and executive stakeholders.
- Collect and aggregate intelligence from OSINT, Deep/Dark Web resources, and other intelligence sources to monitor exploitable and high-profile threats impacting the NBA League Office and NBA teams.
- Research emerging threat actor tactics, techniques, and procedures (TTPs) to assess risk and validate security controls.
- Perform continuous monitoring and exposure management activities across cloud, on-premises, and external-facing environments to identify emerging security risks, obsolete systems, and configuration weaknesses.
- Manage the League's Team Audit and Risk Assessment Program across all NBA teams, overseeing assessments, control evaluations, remediation tracking, and reporting to strengthen security governance and ensure compliance with League security requirements.
- Collaborate closely with cross-functional business units and NBA teams to drive security initiatives, coordinate remediation of identified vulnerabilities, and reduce the NBA's overall risk profile.
- Communicate findings, risk posture, and program metrics & key performance indicators (KPIs) to technical operators, business stakeholders, NBA teams, and senior leadership to support informed decision-making and continuous improvement.
Required Education & Professional Experience
- Bachelor's degree in CyberSecurity, Computer Science, or a related field. Advanced degrees or relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Public Cloud Security (GPCS), GIAC Cyber Threat Intelligence (GCTI), GIAC Enterprise Vulnerability Assessor (GEVA), OffSec Web Assessor (OSWA), CompTIA Security+ or equivalent certification are strongly preferred.
- Minimum 5 years of hands-on CyberSecurity experience across vulnerability management, cloud security, threat intelligence, audit & risk management, AI security, or related cybersecurity disciplines.
- Experience communicating CyberSecurity risk, strategy, and program effectiveness to technical teams, business stakeholders, and executive leadership.
- Advanced understanding of cloud security concepts and technologies (AWS & Azure services), as well as typical corporate security controls (e.g., NIDS/NIPS, HIDS/HIPS, WAF, Network Firewalls, VPN, SIEM, DLP, etc.).
- Deep technical expertise and hands-on proficiency with industry-standard platforms across AI security, vulnerability management, cloud security, attack surface management, threat intelligence, and security risk management.
- Strong understanding of the current threat landscape, including advanced persistent threats (APTs), threat actor tactics, techniques, and procedures (TTPs), malware trends, and emerging cybersecurity risks.
- Demonstrated ability to operate as a program owner, driving multi-stakeholder remediation across business units and partner organizations through influence, collaboration, and risk communication.
- Strong analytical and problem-solving skills, with the ability to convert raw security data into prioritized, risk-based recommendations.
- Ability to document and communicate technical concepts, risks, and recommendations in a clear and concise manner.
Salary Range:
$145,000-$165,000
Job Posting Title:
Senior ManagerEmployees currently are eligible to receive an annual discretionary performance bonus, awarded at the sole discretion of the Company and subject to any terms and conditions set by the Company. Employees and/or eligible dependents may be eligible to participate in the following Company-sponsored employee benefit programs: medical; dental; vision; life/AD&D insurance; short- and long-term disability; fertility and family-forming assistance; wellbeing allowance; educational assistance; mental health coaching/therapy; tax advantaged accounts such as HSA and healthcare/dependent care FSAs; a 401(k) retirement plan; and time off benefits that include vacation, sick time, and personal days.
We Consider Applicants For All Positions On The Basis Of Merit, Qualifications And Business Needs, And Without Regard To Race, Color, National Origin, Religion, Sex, Gender Identity, Age, Disability, Alienage Or Citizenship Status, Ancestry, Marital Status, Creed, Genetic Predisposition Or Carrier Status, Sexual Orientation, Veteran Status, Familial Status, Status As A Victim Of Domestic Violence Or Any Other Status Or Characteristic Protected By Applicable Federal, State, Or Local Law.
The NBA is committed to providing a safe and healthy workplace. To safeguard our employees and their families, our visitors, and the broader community from COVID-19, and in consideration of recommendations from health authorities and the NBA’s own advisors, any individual working onsite in our New York and New Jersey offices must be fully vaccinated against COVID-19. The NBA will discuss accommodations for individuals who cannot be vaccinated due to a medical reason or sincerely held religious belief, practice, or observance.
About the NBA
The National Basketball Association (NBA) is a global sports and media organization with the mission to inspire and connect people everywhere through the power of basketball. Built around five professional sports leagues: the NBA, WNBA, NBA G League, NBA 2K League and Basketball Africa League, the NBA has established a major international presence with games and programming available in 214 countries and territories in 60 languages, and merchandise for sale in more than 200 countries and territories on all seven continents. NBA rosters at the start of the 2024-25 season featured a record-tying 125 international players from a record-tying 43 countries. NBA Digital’s assets include NBA TV, NBA.com, the NBA App and NBA League Pass. The NBA has created one of the largest social media communities in the world, with more than 2.3 billion likes and followers globally across all leagues, team and player platforms. NBA Cares, the NBA’s global social responsibility platform, partners with renowned community-based organizations around the world to address important social issues in the areas of education, inclusion, youth and family development, and health and wellness.