Director, Governance, Risk & Compliance
Hearst - New York City, NY
Apply NowJob Description
Hearst Technology, Inc, Information Security Office seeks a Director of Governance, Risk and Compliance.This hands-on position will oversee the Hearst Governance Risk and Compliance (GRC) team, ensuring the overall effectiveness of the Hearst Information Security Risk Management program.Responsibilities:Responsible for the security Information Security Governance, Risk and Compliance management function.Build and manage a high performing team of risk professionals through recruitment, training, coaching, and performance management.Build and maintain successful stakeholder relationships with technology and business executives by developing a clear understanding of business needs, acting as a trusted advisor, and ensuring cost-effective delivery of security services to meet those needs.Educate risk owners on risk management best practices and work with other risk functions (e.g., Internal Audit and Legal) in the development and implementation of risk controls and treatment plans.Continuously improve the Information Security Risk Management Program.Develop and maintain all relevant documentation, policies, standards, guidelines, and frameworks, embedding controls into process across the business and technology units.Assist in the early identification of risk trends by establishing and monitoring key performance and key risk indicators via Risk and Business Impact Assessments.Oversee global security awareness strategy and programs fostering a culture where security is everyone's responsibility.Manage Compliance programs across business units e.g., PCI, HIPAA, Privacy, Internal/External Audits, and 3rd Party Vendor Management.Advise senior management on risk reduction practices and influence process change.Assist the CISO to develop strategic plans and roadmaps.Requirements / Qualifications:10+ years of security experience in relevant security domains (e.g., compliance, audit, security risk management), with 5+ years of management experience.Experience implementing and maturing risk frameworks based on NIST, ISO, PCI, HITRUST and SOC2.Experience implementing privacy program control frameworks based on privacy regulations such as CCPA and GDPR.Experience managing internal/external audits.One or more industry certificates e.g., CISM, CRISC, CISA, CIPM, CISSP.Experience recruiting and building out high performing, global security teams.Demonstrated customer-first mindset.Outstanding communication, conceptual thinking, change/project management, analytical, and problem-solving capabilities.Consistent track record owning project/work activities, balancing multiple priorities delivering results.In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City. The reasonable estimate, if hired in New York City, is $175,000-$210,000. Please note this information is specific to those hired in New York City. If this role is open to candidates outside of New York City, the salary range would be aligned to that specific location. A final decision on the successful candidate's starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills and experience, training, certifications, and education. Hearst provides a competitive benefits package, including medical, dental, vision, disability and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.#J-18808-Ljbffr
Created: 2025-02-22