Chief Information Security Officer; CISO

We are seeking a strategic, pragmatic Chief Information Security Officer (CISO) to lead our information security program and corporate IT operations. This is a pivotal leadership role for a security executive who cares deeply about protecting users, data, and systems while enabling innovation and growth that results in great employee and consumer experiences.

Reporting to the CTO, the CISO will partner closely with executive leadership, Engineering, Product, Legal, and Business teams to build a scalable, resilient security and IT organization. You’ll play a critical role in safeguarding a platform that serves millions of student‑athletes, families, and fans nationwide, while supporting a growing, distributed workforce of 500+ employees.

• Comprehensive Security Program Evolve and maintain governance, policies, and controls aligned with industry frameworks such as NIST CSF, ISO 27001, and CIS Controls, creating a durable and scalable security program.
• Compliance Management Lead SOC 2 Type II certification, maintain PCI DSS compliance, and manage data privacy controls and compliance efforts.
• Secure Multi‑Product Platform Maintain and strengthen security across our integrated ecosystem (GoFan, NFHS Network, Max Preps, PlayOnHQ) supporting 600K+ streaming events and 700K+ ticketing events annually.
• Deliver Modern IT Solutions Lead secure, reliable, and user‑friendly IT operations that enable productivity for a distributed workforce, with a strong focus on identity, endpoint security, and employee experience.
• Build and Scale Teams Hire, develop, and lead high‑performing teams across security engineering, operations, compliance, and corporate IT.
• Proactive Risk Management Own the company’s cybersecurity risk posture by balancing protection with speed and business needs when identifying, prioritizing, and addressing threats.

• Serve as Play On’s senior security leader and trusted advisor to the CTO and executive team on all security, privacy, compliance, and IT matters.
• Model ethical stewardship of privileged access by using exceptional judgment that guides use of authority responsibly and transparently, solely in service of legitimate security, compliance, and organizational trust.
• Develop and execute an information security strategy aligned with business objectives, platform evolution, and regulatory requirements.
• Manage security throughout the SDLC through secure coding practices, architectural reviews, Dev Sec Ops , and automated security testing (SAST, DAST, SCA).
• Lead executive response to major security incidents, including crisis coordination, communications, and post‑incident improvements.
• Participate in IT and Security due diligence and integration activities in support of M&A activity.
• Own corporate IT operations, including identity and access management, endpoint management, service desk, onboarding/offboarding, and collaboration tooling.
• Manage IT service management practices (ITSM) with clear SLAs and a strong focus on employee experience.
• Lead compliance initiatives including SOC 2 audits, PCI DSS assessments, penetration testing, third‑party risk management, and data privacy committee.
• Define and track meaningful security and IT metrics, reporting regularly to the executive team and Board of Directors.
• Partner with Engineering, Product, Legal, HR, and Business teams to balance security rigor with product velocity, innovation, and employee productivity.
• Drive security awareness training programs and drive security culture across the organization.
• Stay ahead of emerging threats, technologies, and best practices to continuously improve Play On’s security posture.

• 12+ years of information security experience with deep expertise in application, cloud, and infrastructure security.
• 5+ years in senior security leadership roles (CISO, VP/Director of Security), including building and scaling security programs.
• Experience leading corporate IT operations or working closely with IT leadership in modern, cloud‑first environments.
• Proven track record leading SOC 2 Type II, PCI DSS, or similar compliance certifications in growth‑stage…