Vice President, Cybersecurity and Deputy Chief Information Security Officer

United States·New Yorkexecutive

OtherInformation Security Officer

0 views0 saves0 applied

Apply Now

Quick Summary

Key Responsibilities

Program leadership and strategy execution Own the day-to-day execution of the cybersecurity strategy and roadmap,

Requirements Summary

12+ years of progressive experience in cybersecurity or information security, including leadership of large, complex security programs Experience leading multiple security domains,

Technical Tools

OtherInformation Security Officer

About the Role

~1 min read

As Vice President, Cybersecurity and Deputy CISO, you will translate our cybersecurity strategy into operational reality.

You will:

Lead and integrate core security functions, including security architecture and engineering, threat detection and incident response, security operations, identity and access management, and risk and compliance.
Own day-to-day cybersecurity program execution, including annual planning, roadmap delivery, operational reviews and metrics.
Serve as the primary operational escalation point for significant security risks and incidents, partnering closely with Global Security, Legal, Communications, Enterprise Technology and business leaders.
Act as a visible security leader with executives, senior editors and technology leaders, helping them understand risk, tradeoffs and priorities in practical terms.
Serve as acting CISO when needed, including during executive forums, audits and key stakeholder meetings.

This is a hybrid role based in our New York City headquarters, reporting to the CISO and Head of Enterprise Technology. You can typically expect to come into the office 3+ days per week.

Responsibilities

~3 min read

Program leadership and strategy execution

→
Own the day-to-day execution of the cybersecurity strategy and roadmap, ensuring alignment with company and Technology priorities
→
Translate high-level risk and board-level objectives into concrete programs, projects and measurable outcomes
→
Strategically manage the Cybersecurity budget, including coordinating with finance, setting multi-year forecasts, and managing billing workflows for Cybersecurity vendors
→
Establish and run operating rhythms for Cybersecurity, including staff meetings, portfolio reviews, operational reviews, OKRs and metrics
→
Partner with the CISO on multi-year planning, budget development and investment prioritization across tools, people and services
→
Drive continuous improvement using internal metrics, external benchmarks and findings from assessments, incidents and exercises

Security architecture, engineering and operations

→
Provide senior leadership across security engineering, architecture and operations, ensuring our security stack is robust, observable and well-integrated with Enterprise Technology and Developer Platforms
→
Guide the evolution of core controls such as endpoint protection, EDR, SIEM, email security, web security, vulnerability management, secrets management, MDM and identity governance
→
Partner with Enterprise Technology, Developer Platforms and product engineering to embed secure-by-design patterns, guardrails and self-service controls into platforms and workflows
→
Provide oversight and strategic direction for identity and access management, including identity platforms, access orchestration and privileged access
→
Ensure operational excellence for security tooling, including lifecycle management, vendor relationships and integration with incident response and monitoring workflows

Detection, incident response and resilience

→
Oversee threat detection, monitoring and incident response programs, including a modern, automation-forward SOC capability.
→
Serve as senior escalation leader for high-severity incidents, driving real-time decision-making, cross-functional coordination and executive communications
→
Ensure playbooks, tabletop exercises, red/purple team activities and crisis management plans are in place, tested and regularly updated.
→
Partner with Global Security, Business Continuity and Enterprise Technology on integrated resilience programs, including disaster recovery, crisis response and resilience exercises
→
Ensure post-incident reviews lead to durable improvements in controls, processes and architecture

Governance, risk, compliance and security education

→
Lead cybersecurity governance and risk management frameworks in alignment with NIST CSF 2.0 and other relevant standards
→
Drive the development and use of risk metrics, control health indicators and dashboards to communicate security posture to executives, Audit Committee and other stakeholders
→
Strategically support security education programs to ensure a metrics-driven approach to providing relevant training and resources to our staff

Newsroom and high-risk user security

→
Partner with newsroom teams to support the unique threat models of journalists and other high-risk users.
→
Ensure security measures and controls enable, rather than impede, high-stakes newsgathering, international reporting and sensitive investigative work
→
Support programs that protect journalists and high-risk staff across travel, field operations, online harassment and digital threats

People leadership and culture

→
Lead, mentor and develop senior managers and staff across multiple security disciplines, building a high-performing, inclusive and collaborative team
→
Foster a growth-minded, metrics-driven, blameless culture focused on learning and continuous improvement
→
Support career paths, succession planning and leadership development across Cybersecurity, including preparing future CISO-level leaders
→
Help champion security awareness and education programs that engage staff at all levels in shared security ownership
→
Engage in cross-industry collaboration and knowledge sharing to ensure that The New York Times is up-to-date on latest security events, techniques, and industry norms

→
Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world

Requirements

~4 min read

12+ years of progressive experience in cybersecurity or information security, including leadership of large, complex security programs
Experience leading multiple security domains, such as security engineering, security operations, incident response, cloud security, identity, application security or GRC
Prior experience in a VP, Head of Security, Deputy CISO or similar senior leadership role with accountability for both strategy and execution
Deep technical understanding of modern security architectures, including cloud (AWS, GCP or similar), network, endpoint, identity and application security
Proven track record leading major incident response efforts and security crisis management, including communication with executives and external stakeholders
Strong familiarity with industry frameworks and standards such as NIST CSF, ISO 27001, SOC 2, PCI, HIPAA and data protection regulations
Experience working in close partnership with teams across Legal, Privacy, HR, Finance, Internal Audit and external regulators or auditors
Expertise building and leading diverse teams, including developing senior managers and cross-functional leaders

Experience securing media, news, technology or similarly fast-paced, high-profile environments with unique threat models
Background working directly with or supporting newsroom, high-risk user or investigative teams
Experience presenting to boards or audit committees and supporting public-company security and risk disclosures
Experience operating in a global context, including international offices, complex regulatory environments and cross-border data considerations
Prior experience shaping AI governance, AI security or emerging-technology security programs

#LI-Hybrid

REQ-020259

The annual base pay range for this role is between:

$275,000—$290,000 USD

For roles in the U.S., dependent on your role, you may be eligible for variable pay, such as an annual bonus and restricted stock. Benefits may include medical, dental and vision benefits, Flexible Spending Accounts (F.S.A.s), a company-matching 401(k) plan, paid vacation, paid sick days, paid parental leave, tuition reimbursement and professional development programs.

For roles outside of the U.S., information on benefits will be provided during the interview process.

We’re excited to learn more about you and your experience. To keep our hiring process as fair and authentic as possible, we ask that you submit your own work and not use GenAI tools to generate substantive content during the application and interview process.

If you’re an Engineering candidate, we’ll let you know what specific GenAI tools you are permitted to use for your technical assessment.

The New York Times Company is committed to being the world’s best source of independent, reliable and quality journalism. To do so, we embrace a diverse workforce that has a broad range of backgrounds and experiences across our ranks, at all levels of the organization. We encourage people from all backgrounds to apply.

We are an Equal Opportunity Employer and do not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The U.S. Equal Employment Opportunity Commission (EEOC)’s Know Your Rights Poster is available here.

The New York Times Company will provide reasonable accommodations as required by applicable federal, state, and/or local laws. Individuals seeking an accommodation for the application or interview process should email reasonable.accommodations@nytimes.com. Emails sent for unrelated issues, such as following up on an application, will not receive a response.

The Company encourages those with criminal histories to apply, and will consider their applications in a manner consistent with applicable "Fair Chance" laws, including but not limited to the NYC Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

For information about The New York Times' privacy practices for job applicants click here.

Please beware of fraudulent job postings. Scammers may post fraudulent job opportunities, and they may even make fraudulent employment offers. This is done by bad actors to collect personal information and money from victims. All legitimate job opportunities from The New York Times will be accessible through The New York Times careers site. The New York Times will not ask job applicants for financial information or for payment, and will not refer you to a third party to do so. You should never send money to anyone who suggests they can provide employment with The New York Times.

If you see a fake or fraudulent job posting, or if you suspect you have received a fraudulent offer, you can report it to The New York Times at NYTapplicants@nytimes.com. You can also file a report with the Federal Trade Commission or your state attorney general.