Chief Information Security Officer
New York TimesLocation:
New York, NYDescription:
Due to our prominence as a news organization, and due to our uncompromising approach to reporting the news without fear or favor, the Times is exposed to significant threats from individual actors, criminal organizations and even nation states or state-sponsored organizations. Our reporters are on the front lines, and as public figures, they are vulnerable to malicious attacks. For these reasons, this role is even more critical for The Times than it is for other companies.
The New York Times seeks a Chief Information Security Officer. You will manage the development and implementation of global security policy, standards, guidelines, and procedures. This position will report to the Chief Technology Officer of The New York Times and is responsible for NYT Security programs company-wide.
- Develop and manage global information security policies, standards, guidelines and procedures to assess, balance, and minimize risk and ensure the confidentiality, integrity, and availability of systems and data
- Provide meaningful visibility, guidance, insight and analysis to senior management and the Company’s Board of
- Directors with respect to information security risks and mitigations.
- Maintain current knowledge of the information security field and the changing threat landscape; track new developments in rapidly changing information technologies and lead implementation of improvements in technical security tools related to intrusion detection/prevention, malware detection/prevention, data loss detection/ prevention, remote access forensics, security event management, authentication, access control, audit logs, secure software scanning, external/internal web host scanning, disaster recovery preparedness, business continuity assurance, vulnerability management, and risk reporting.
- Provide formal training for all staff on relevant security best practices.
Please see complete job description online.Qualifications:
How to Apply:
- Experience and proven success leading, or playing a senior role on, an information security program in a public company.
- Demonstrated understanding of security requirements for Sarbanes-Oxley, ISO certifications, data privacy laws, PCI and cybersecurity frameworks.
- Bachelor’s degree in Information Security or Computer Science or related field is expected.
- Minimum of ten years of experience in information security, with a minimum of five years in a leadership position, is preferred.
- Experience in engaging with members of boards of directors and audit committees