We break stories, influence ideas, and advance business intelligence and cultural interest. We expose the events that turn markets, the digital breakthroughs that transform art, the demand that drives invention, as well as the political and societal passing moments and lasting consequences. We are the people of Dow Jones. From different fields, backgrounds and viewpoints we invite you to join us.
Examine the world and bring it to others.
Dow Jones’ global Cybersecurity team is seeking a candidate for the hands-on leadership position of Director of Cybersecurity Governance, Risk and Compliance (GRC), reporting directly to the CISO. The successful candidate will need to be able to work in a fast-paced environment, planning, coordinating, and executing all facets of our NIST-based Cybersecurity program. The most effective candidate will need to work side by side, not only with our technical teams, but also with our Business and Product teams. Duties include, but are not limited to, ongoing internal audits, annual compliance and regulatory activities, Technology Risk, Enterprise Risk, Supply Chain Management, and Awareness. This position will also lead our Customer Assurance program, which makes this role a strong liaison with our customers.
Responsibilities will include:
Ensure Dow Jones’ cybersecurity strategy and program are being implemented as planned, per compliance requirements.
Lead internal and external audits such as annual SOX, PCI DSS, GDPR, HIPAA, and similar.
Lead and mentor the Cybersecurity GRC team and other functional partners to conduct and meet GRC objectives.
Manage the remediation process, including tracking and resolution of findings from internal and/or external audits, risk assessments, and other control assessments.
Develop and maintain a strong partnership with relevant global business and technical leaders and teams, including 3rd parties and affiliate businesses.
Lead the development of technical standards and procedures for IT and business units regarding how to securely configure and implement technology.
Lead, develop and manage the training and awareness program, including company-wide security champions, for all business functions to help make cybersecurity everybody’s responsibility.
Qualifications and Skills:
BA/BS degree in Information Technology, Information Security, Computer Science, Computer Engineering, Cybersecurity, Business, related field or experience.
10+ years of experience in Information Technology, with the last 5+ years managing and guiding multifunctional teams.
Deep knowledge of IT Management frameworks and practices such as ITIL or COBIT.
Deep knowledge of Cybersecurity frameworks and practices such as ISO 27001 or NIST.
Deep knowledge of Risk Management frameworks and practices such as ISF IRAM2, ISO 27005 or NIST SP 800-30.
Experience in policy development, implementation, socialization and training.
Knowledge of the cyber threat landscape, emerging cyber threats, and cyber-attack frameworks such as MITRE ATT&CK.
Knowledge of Secure Development Lifecycle and Product Development.
Experience leading audits, risk assessments and communicating with customers with the highest level of discretion and confidentiality.
Excellent problem solving, critical thinking, and analytical abilities. High tolerance for ambiguity and complexity, and efficient with limited resources. Intellectual curiosity and passion to drive results.
Ability to identify, attract, and retain top cybersecurity talent.
Track record of creating high performing teams with focus on continuous learning and experimentation.
Proven record of being able to prepare and deliver both strategic and tactical briefings on highly technical matters to senior leadership and/or steering committee.
Excellent communication, negotiation and presentation skills. Ability to effectively communicate, both orally and in writing, through all levels of the organization.
Ability to identify areas of risk, notify stakeholders, and inform leadership of the risk posed along with courses of action.
Ability to multitask, manage priorities and work independently, sometimes under very tight deadlines.
International work experience or experience working as part of a globally dispersed team.
Certifications desired but not required: CISSP, CEH, Security+, SANS certifications, etc.
Dow Jones, Making Careers Newsworthy
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets.
Dow Jones is committed to providing reasonable accommodation for qualified individuals with disabilities in our job application and/or interview process. If you need assistance or accommodation in completing your application due to a disability, please reach out to us at TalentResourceTeam@dowjones.com. Please put “Reasonable Accommodation” in the subject line.
Business Area: TECHNOLOGY - INFORMATION SECURITY
Job Category: Security Team
Dow Jones is a global provider of news and business information, delivering content to consumers and organizations around the world across multiple formats, including print, digital, mobile and live events. Dow Jones has produced unrivaled quality content for more than 125 years and today has one of the world’s largest news gathering operations globally. It produces leading publications and products including the flagship Wall Street Journal, America’s largest newspaper by paid circulation; Factiva, Barron’s, MarketWatch, Financial News, DJX, Dow Jones Risk & Compliance, Dow Jones Newswires, and Dow Jones VentureSource. Dow Jones is a division of News Corp (NASDAQ: NWS, NWSA; ASX: NWS, NWSLV).
If you are a current employee at Dow Jones, do not apply here. Please go to the Career section on your Workday homepage and view "Find Jobs - Dow Jones." Thank you.
Req ID: 15586