Job Position: Chief Information Security Officer (CISO)

Department: Information Technology

Reports to: Chief Information Officer (CIO)

FLSA: Exempt

Status: Full-time

Work Location: Silver Spring, MD

OVERVIEW:

The Chief Information Security Officer (CISO) serves as the senior executive accountable for enterprise cybersecurity strategy, risk and financial governance, and operational resilience across Urban One's media and corporate environments. Reporting to the Chief Information Officer, the CISO partners with executive leadership and the Board of Directors to align cybersecurity priorities with business objectives, safeguard enterprise value, and strengthen organizational resilience. This role provides strategic oversight of cyber risk, the expansion of AI threats, regulatory and compliance exposure, business continuity, and security investment planning, ensuring cybersecurity is embedded as a critical business enabler, a driver of operational trust, and a foundational element of enterprise risk management.

ESSENTIAL RESPONSIBILITIES:

• Provides strategic guidance and transparency to the Executive Team, Board, and enterprise on cyber risk, resilience, crisis readiness, regulatory exposure, and investment priorities.
• Establishes the enterprise cybersecurity, data protection, and resilience strategy in alignment with business priorities and board-approved risk tolerance.
• Evaluate and prioritize cybersecurity investments, including internal capabilities and 3rd party services, to improve risk reduction, resilience, and operational effectiveness.
• Deliver clear executive dashboards, metrics, and narratives that support board transparency, enterprise prioritization, and investment decisions.
• Champion a culture of security ownership, accountability, and disciplined decision-making across all divisions, markets, and operating environments.
• Oversee the integration of cyber risk into the enterprise risk and control environment in partnership with Internal Audit, Finance, Legal, and Compliance.
• Oversee compliance and risk coordination with Legal, Finance, Internal Audit, and business leadership across privacy, regulatory, and contractual security requirements.
• Represent the organization with regulators, auditors, insurers, law enforcement, strategic partners, and third-party providers on cybersecurity and resilience matters.
• Partner with the CIO and technology leaders to embed security-by-design into enterprise architecture, modernization, cloud adoption, application delivery, and broadcast operations.
• Provide forward-thinking guidance on preparing and protecting the organization from the fast-paced expansion of AI cybersecurity threats.
• Lead the internal cybersecurity team and key external partners to strengthen detection, response, resilience, and post-incident recovery capabilities.
• Direct the enterprise incident response and cyber crisis management program, ensuring effective executive communication, stakeholder coordination, and lessons-learned follow-through.
• Establish and enhance enterprise security policies, standards, controls, and risk assessment methodologies aligned with recognized frameworks and regulatory obligations.
• Lead the continued maturation of the security program across governance, architecture, security operations, identity, cloud, data protection, vulnerability management, and incident response.
• Periodic travel required

KNOWLEDGE/SKILLS/ABILITIES:

• Executive presence and judgment to engage effectively with the Board, Executive Team, CFO, regulators, auditors, insurers, and external partners.
• Demonstrated multi-organizational enterprise security leadership with the ability to shape strategy, influence senior stakeholders, and drive the execution of proactive and reactive cybersecurity initiatives.
• Strong business and financial acumen, including the ability to translate cyber risk into operational, regulatory, reputational, and financial impact.
• Deep expertise across cybersecurity architecture and control domains, including identity, cloud, endpoint, network, data protection, and vulnerability management.
• Advanced command of security operations, incident response, cyber crisis management, business continuity, and enterprise resilience planning.
• Experience building governance frameworks, policies, standards, metrics, and assurance models aligned with recognized security frameworks.
• Proven ability to build, mentor, and scale high-performing teams while driving accountability, collaboration, and continuous improvement.
• Demonstrated ability to leverage external cybersecurity expertise.
• Exceptional communication skills, including executive briefings, board presentations, crisis communications, and the ability to simplify complex technical issues for non-technical audiences.

• Submit to a criminal background check
• Legal right to work in the United States

EDUCATION and/or EXPERIENCE

Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field required; Master's degree preferred. Minimum 12-15 years of progressive cybersecurity and technology leadership experience, including significant experience leading enterprise security programs in complex, multi-site environments. Demonstrated success advising executive leadership and boards, leading major incident response and crisis management efforts, maturing governance and risk programs, and partnering on secure architecture across cloud, infrastructure, applications, identity, and operational technology or broadcast environments. Relevant certifications such as CISSP, CISM, CRISC, CISA, or equivalent are preferred; advanced study or executive education in cybersecurity, risk management, or digital resilience is a plus.