Manager, Information Security Risk Management

Job Description

Hearst Technology, Inc, Information Security Office seeks a Manager, Information Security Risk Management. The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units. This position assesses information security risk within essential technology functions, key business processes, documentation, and collaborates with key business leaders to assist in reducing risk and maturing the overall control environment. This position will also support Audit and Compliance functions within Hearst, focusing on PCI and HIPAA.

Team Alignment : Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.

• Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies. Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
• Maintain the IT risk register and risk dashboard keeping risks, and their response plans up to date; will be required to work with cross-functional teams and businesses.
• Prepare detailed recurring risk management reports with associated metrics.
• Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.
• Support vendor due-diligence process and help define overall third-party risk management efforts.
• Support risk-focused governance entities such as forums and steering committees.
• Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
• Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.
• Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level. Collaboratively interface with global IT and business partners to provide guidance and support.
• Design and implement improvements in risk-related documentation.
• Other related duties as assigned.

Who You Are : As a mid-level position, comfort and experience with all aspects of governance, risk, and compliance is required.

Technical Skills

Soft Skills

Qualifications

In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City. The reasonable estimate, if hired in New York City, is $135,000 - $150,000. Please note this information is specific to those hired in New York City. If this role is open to candidates outside of New York City, the salary range would be aligned to that specific location. A final decision on the successful candidate's starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills and experience, training, certifications, and education. Hearst provides a competitive benefits package, including medical, dental, vision, disability and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.

About Us

Hearst is one of the nation's largest global, diversified information, services and media companies.

Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives.

The company's diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world.

Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming.

With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.

Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.

About the Team

The Hearst Technology Services (HTS) team partners with Hearst's businesses that operate in diverse industries to enable business outcomes leveraging modern technology solutions. We are a global, customer centric, agile and innovative organization where creativity, team work and having fun while working hard is appreciated.