Director of Information Security at Gannett in McLean, Virginia

Job Description:

The Director of Information Security will lead Gannett's security engineering, incident response, and identity management teams to protect our digital assets and infrastructure. This role requires a strategic thinker with a deep understanding of cybersecurity, incident response, and risk management. The ideal candidate will have a proven track record in leading security initiatives, managing a team of security professionals, and hands-on technical expertise.

Key Responsibilities:

• Develop and implement security strategies to protect Gannett's digital assets.

• Lead and mentor a team of architects, engineers, and analysts to foster a culture of security awareness and continuous improvement.

• Oversee the design, implementation, and maintenance of security systems and infrastructure.

• Lead the cybersecurity incident response team, ensuring rapid and effective response to security incidents.

• Collaborate with other departments to ensure security measures are integrated into all aspects of the company's operations.

• Conduct regular security assessments and utilize continuous monitoring technology to identify vulnerabilities and implement corrective actions.

• Prepare, document, and maintain standard operating procedures, organization standards, and policies.

• Manage and optimize SIEM & logging tools to ensure comprehensive security monitoring and incident detection.

• Oversee vulnerability management and EDR/XDR toolsets to identify and mitigate security threats proactively.

• Implement and manage Identity & Access Management (IAM) and Privileged Access Management (PAM) solutions to safeguard sensitive information.

• Maintain cybersecurity metrics and key performance indicators (KPIs), and report regularly to senior management.

• Stay current with security trends, threats, and technology solutions.

• Ensure compliance with relevant regulations and standards, including NIST, SOX, PCI, SOC2, HIPAA, and others (e.g. CCPA, GDPR, ISO)

• May require off-hours work when responding to security threats.

Qualifications:

• Bachelor's degree in computer science, Information Security, or a related field preferred; advanced degree preferred or industry certification

• Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.

• Strong knowledge of security frameworks and standards (e.g., NIST CSF 2.0, OWASP TOP 10, CIS CSC, MITRE ATT&CK, etc. ).

• Experience with cloud security, network security, and application security.

• Excellent problem-solving skills and the ability to work under pressure.

• Strong communication and interpersonal skills, with the ability to collaborate effectively across departments.

• Relevant certifications such as CISSP or CISM are required.

• Proficiency in managing Microsoft security products, including Microsoft Defender, Microsoft Entra, Azure Security Center, and Microsoft Sentinel.

#LI-REMOTE

#LI-NR2

The annualized base salary for this role will range between $150,000 and $160,000. Base compensation is reflective of many factors, including, but not limited to, the market in which one lives/works, individual education level, skills, certifications and experience. Note: variable compensation is not reflected in these figures and based on the role, may be applicable.
recblid p8dh0cik93i2c8mapvoxvh8g9ux1o4

Apply Now