
Manager, Information Security Risk Management

Hearst Technology, Inc., Information Security Office seeks a Manager, Information Security Risk Management.

The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units.

This position assesses information security risk within essential technology functions, key business processes, and documentation, and collaborates with key business leaders to help reduce risk and mature the overall control environment.

This position will also support Audit and Compliance functions within Hearst, focusing on PCI and HIPAA.

Team Alignment: Governance, Risk, and Compliance (GRC) Team.

The GRC Team is multi-faceted and focuses on driving business value.

Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.


* Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies.

Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.


* Maintain the IT risk register and risk dashboard, keeping risks and their response plans up to date; will be required to work with cross-functional teams and businesses.


* Prepare detailed recurring risk management reports with associated metrics.


* Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.


* Support vendor due-diligence process and help define overall third-party risk management efforts.


* Support risk-focused governance entities such as forums and steering committees.


* Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.


* Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.


* Work collaboratively with regional and global partners in other functional units; navigate a complex organization and influence and lead people across cultures at a senior level.

Collaboratively interface with global IT and business partners to provide guidance and support.


* Design and implement improvements in risk-related documentation.


* Other related duties as assigned.

Who You Are: This is a mid-level position; comfort and experience with all aspects of governance, risk, and compliance are required.

Technical Skills


* Experience with IT governance, risk, and compliance management in a large global environment, while working with geographically dispersed, multidisciplinar...



