Gannett seeks a highly experienced and strategic Director of Security Risk Management to join our team. This role is pivotal in safeguarding our digital and physical assets, ensuring the integrity and confidentiality of our information systems, and managing our comprehensive cybersecurity risk management program.
Key Responsibilities:
• Lead the development and implementation of security risk management strategies and frameworks.
• Oversee the management of the cyber risk register, ensuring all identified risks are documented, assessed, and managed effectively.
• Conduct regular risk assessments to identify vulnerabilities or gaps in controls, document findings, and recommend treatment plans.
• Participate in the vendor review to identify and manage third-party and supply chain risks.
• Manage security questionnaire requests from clients and coordinate with Privacy, Legal, and Compliance teams for accuracy of information.
• Collaborate with cross-functional teams to integrate security risk management practices into business processes, fostering a culture of security awareness and continuous improvement.
• Develop and maintain security policies, standards, and procedures.
• Chair the Security Risk Council to review architecture and implementation plans, processes, and dataflows to ensure risks are mitigated appropriately.
• Mature and streamline the security risk assessment processes related to new projects, technology implementation or changes, new vendor integrations, implementation plans, and architecture reviews. This includes security reviews of new internally developed applications.
• Regularly report on the status of cyber risks and escalate critical issues to senior management.
• Ensure compliance with relevant regulations and standards, including NIST, SOX, PCI, SOC2, and HIPAA.
• Stay abreast of the latest security trends, threats, and technology solutions to proactively address potential risks.
Qualifications:
• Bachelor's degree in Computer Science, Information Security, or a related field preferred; advanced degree and industry certification highly preferred.
• Minimum of 10 years of experience in security risk management, with at least 5 years in a leadership role.
• Proven experience with OneTrust technology and its applications in privacy and security risk management.
• Strong knowledge of cybersecurity frameworks, standards, and best practices (e.g., NIST, ISO 27001).
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to effectively convey complex security concepts to non-technical stakeholders.
• Relevant certifications such as CISSP, CISM, or CRISC are required.
The annualized base salary for this role will range between $125,000 and $135,000. Base compensation is reflective of many factors, including, but not limited to, the market in which one lives/works, individual education level, skills, certifications and experience. Note: variable compensation is not reflected in these figures and, based on the role, may be applicable.