We at News America Marketing are seeking a VP, Information Security to champion and lead our cybersecurity program. The individual is accountable for managing, maintaining and developing our security strategy, programs and operational security requirements.
Reporting to the CTO, the VP, Information Security will also partner with the News Corp Global CISO office. The individual must drive the cybersecurity program for News America Marketing to ensure that it adopts, executes, maintains, and publishes security standards, processes, and procedures company wide to ensure our posture is in line with the corporation’s strategy and framework.
Core responsibilities include overseeing compliance of information assets and ensuring they are adequately protected with acceptable levels of controls. The success of this individual and program will be directly attributed to a leader capable of understanding our environment and driving resources and actions necessary to mature our practices.
Maintain current knowledge of the cybersecurity field and the changing threatlandscape; track new developments in rapidly changing information technologies and help, in conjunction with the News Corp CISO office, implement improvements in technical security tools related to intrusion detection/prevention, malware detection/prevention, data loss detection/prevention, remote access forensics, securityevent management, authentication, access control, audit logs, secure software scanning, external/internal web host scanning, disaster recovery preparedness, business continuity assurance, vulnerability management, and riskreporting.
- Lead and motivate a small team of security professionals and engineers to help ensure the company continues to operate in a secure and stable environment.
- Leverage information security and technology resources within News America Marketing or outside the organization to lead strategic security planning with IT Technology/Operations, development teams, and users across the organization to ensure a secure infrastructure, applications, and overall data security;
- Amend, implement and monitor a strategic, comprehensive enterprise information security program to ensure the integrity, confidentiality and availability of confidential company information/data
- Communicate and ensure compliance with organizational security policies and standards; proactively work withNews America Marketing business units to implement practices that meet defined policies and standards for information security
- Provide support, guidance, mentoring and education, to ensure that appropriate monitoring and controls are in place for compliance with established security policies and procedures
- Direct comprehensive security assessments for all organizational information systems and advise on mitigating vulnerabilities
- Create and manage information security and risk management awareness training programs for employees, contractors, vendors and/or clients.
- Facilitate and identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection
- Provide subject matter expertise to management on a broad range of information security standards, best practices, and compliance requirements.
- Drive further integration of Product Security across all the engineering teams.
- Work with developers and architects to ensure security is appropriately built into the software development cycle and DevOps pipeline and ensure appropriate internal testing of applications prior to deployment. Coordinate the performance of internal and external network and systems vulnerability assessments and penetration tests
- Audit vendor compliance with security requirements as needed
- Coordinate organizational efforts in response to securityevents
- Coordinate use of external resources involved in the information security program including negotiating vendor contracts and fees.
- Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program
- 10+ years of progressive IT solutions, compliance, regulatory experienceand roles of increasing responsibility.
- Expertise in IT development, integration, delivery, and maintenance
- Minimum of 5 years of managerial experience with demonstrated success in a leadership role.
- Demonstrated understanding of security requirements for Sarbanes-Oxley, ISO Certifications, Data Privacy laws, and PCI. Cyber security, including strategy creation
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies
- Strong leadership, analytical and problem-solving skills
- Extensive interpersonal skills with the ability to work effectively with end-users, IT peers, managers and vendors
- Excellent written, verbal communication and presentation skills.
- Ability to effectively adapt to rapidly changing technology and apply it to business needs.