The Director of Information Security will lead Gannett's security engineering, incident response, and identity management teams to protect our digital assets and infrastructure. This role requires a strategic thinker with a deep understanding of cybersecurity, incident response, and risk management. The ideal candidate will have a proven track record in leading security initiatives, managing a team of security professionals, and hands-on technical expertise.
Key Responsibilities:
• Develop and implement security strategies to protect Gannett's digital assets.
• Lead and mentor a team of architects, engineers, and analysts to foster a culture of security awareness and continuous improvement.
• Oversee the design, implementation, and maintenance of security systems and infrastructure.
Want more jobs like this?
Get jobs that are Remote delivered to your inbox every week.
• Lead the cybersecurity incident response team, ensuring rapid and effective response to security incidents.
• Collaborate with other departments to ensure security measures are integrated into all aspects of the company's operations.
• Conduct regular security assessments and utilize continuous monitoring technology to identify vulnerabilities and implement corrective actions.
• Prepare, document, and maintain standard operating procedures, organization standards, and policies.
• Manage and optimize SIEM & logging tools to ensure comprehensive security monitoring and incident detection.
• Oversee vulnerability management and EDR/XDR toolsets to identify and mitigate security threats proactively.
• Implement and manage Identity & Access Management (IAM) and Privileged Access Management (PAM) solutions to safeguard sensitive information.
• Maintain cybersecurity metrics and key performance indicators (KPIs), and report regularly to senior management.
• Stay current with security trends, threats, and technology solutions.
• Ensure compliance with relevant regulations and standards, including NIST, SOX, PCI, SOC2, HIPAA, and others (e.g. CCPA, GDPR, ISO)
• May require off-hours work when responding to security threats.
Qualifications:
• Bachelor's degree in computer science, Information Security, or a related field preferred; advanced degree preferred or industry certification
• Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
• Strong knowledge of security frameworks and standards (e.g., NIST CSF 2.0, OWASP TOP 10, CIS CSC, MITRE ATT&CK, etc. ).
• Experience with cloud security, network security, and application security.
• Excellent problem-solving skills and the ability to work under pressure.
• Strong communication and interpersonal skills, with the ability to collaborate effectively across departments.
• Relevant certifications such as CISSP or CISM are required.
• Proficiency in managing Microsoft security products, including Microsoft Defender, Microsoft Entra, Azure Security Center, and Microsoft Sentinel.
#LI-REMOTE
#LI-NR2
The annualized base salary for this role will range between $150,000 and $160,000. Base compensation is reflective of many factors, including, but not limited to, the market in which one lives/works, individual education level, skills, certifications and experience. Note: variable compensation is not reflected in these figures and based on the role, may be applicable.