Manager, Information Security Risk Management
Job Description
Hearst is a leading global, diversified media, information, and services company. Its major interests include ownership in cable television networks; global financial services leader Fitch Group; Hearst Health; Hearst Transportation; 33 television stations; 24 daily and 42 weekly newspapers; more than 300 magazines around the world; digital services businesses; and investments in emerging digital entertainment companies. Across every division of the company, we are connected by our shared values of innovation, storytelling, creativity, vision, social good and partnership. We believe our biggest asset is our combination of different backgrounds, cultures, and disciplines that come together to form one epic unit. What we do starts with our people.
What you'll do:
Hearst Technology, Inc, Information Security Office seeks a Manager, Information Security Risk Management. The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units. This position assesses information security risk within essential technology functions, key business processes, and documentation. This position also collaborates with key business leaders to assist in reducing risk and maturing the overall control environment.
Team Alignment: Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.
- Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies. Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
- Maintain the IT risk register and risk dashboard, keeping risks and their response plans up to date; this requires working with cross-functional teams and businesses.
- Prepare detailed recurring risk management reports with associated metrics.
- Support the implementation of a risk program and framework including enhancing processes supporting accountability, exception requests, and overall risk reduction.
- Support vendor due-diligence process and help define overall third-party risk management efforts.
- Collaborate to define cyber and technology standards and assist in the development of supporting organizational guidelines, particularly related to cyber, technology and third-party risk, business continuity, security awareness, payment card industry (PCI), change management, compliance management and metrics/dashboards.
- Support risk-focused governance entities such as working groups, forums, and steering committees.
- Support internal and external audit process for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
- Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.
- Work collaboratively with regional and global partners in other functional units, navigating a complex organization and influencing and leading people across cultures at a senior level. Collaboratively interface with global IT and business partners to provide guidance and support.
- Design and implement improvements in risk-related documentation.
- Other related duties as assigned.
This position requires comfort and experience with aspects of governance, risk, and compliance; this is not a beginner level position.
Technical skills:
- Experience with IT governance, risk, and compliance management in a large global environment, while working with geographically dispersed, multidisciplinary teams
- Experience conducting risk assessments and managing risk across departments and functions
- Familiarity with an integrated risk management platform
- Familiarity with security frameworks, particularly NIST Cybersecurity Framework and HITRUST
- Basic understanding and knowledge of technical fundamentals such as networking concepts, cloud computing, application development, and security best practices
- Proficiency with Word, Excel, PowerPoint, JIRA, SharePoint, and virtual collaboration platforms
Soft skills:
- Strong work ethic with attention to detail and demonstrated analytical abilities
- Attention to detail, verbal and written communication skills, and initiative; able to apply constructive feedback to improve risk management
- Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging
- Self-motivated with excellent planning and organizational skills, and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities
- Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction
- Ability to deliver client-ready documentation and participate in relevant client meetings; able to work across teams effectively and efficiently
- Working understanding of project management principles, processes, and documentation
- Ability to collaborate with internal and external stakeholders
- Ability to lead in an agile format
- Bachelor's Degree in Information Technology, Computer Science, or equivalent
- Minimum 5+ years of experience in a risk management role
- Industry standard certification such as CISA, CRISC, CISM, ARM, CISSP, ISO 27001, ISO 27005
Date Posted
05/14/2023