Vice President, Cybersecurity and Deputy Chief Information Security Officer
About the role
As Vice President, Cybersecurity and Deputy CISO, you will translate our cybersecurity strategy into operational reality. You will:
- Lead and integrate core security functions, including security architecture and engineering, threat detection and incident response, security operations, identity and access management, and risk and compliance.
- Own day-to-day cybersecurity program execution, including annual planning, roadmap delivery, operational reviews and metrics.
- Serve as the primary operational escalation point for significant security risks and incidents, partnering closely with Global Security, Legal, Communications, Enterprise Technology and business leaders.
- Act as a visible security leader with executives, senior editors and technology leaders, helping them understand risk, tradeoffs and priorities in practical terms.
- Serve as acting CISO when needed, including during executive forums, audits and key stakeholder meetings.
This is a hybrid role based in our New York City headquarters, reporting to the CISO and Head of Enterprise Technology. You can typically expect to come into the office 3+ days per week.
Responsibilities
- Program leadership and strategy execution
  - Own the day-to-day execution of the cybersecurity strategy and roadmap, ensuring alignment with company and Technology priorities
  - Translate high-level risk and board-level objectives into concrete programs, projects and measurable outcomes
  - Strategically manage the Cybersecurity budget, including coordinating with finance, setting multi-year forecasts, and managing billing workflows for Cybersecurity vendors
  - Establish and run operating rhythms for Cybersecurity, including staff meetings, portfolio reviews, operational reviews, OKRs and metrics
  - Partner with the CISO on multi-year planning, budget development and investment prioritization across tools, people and services
  - Drive continuous improvement using internal metrics, external benchmarks and findings from assessments, incidents and exercises
- Security architecture, engineering and operations
  - Provide senior leadership across security engineering, architecture and operations, ensuring our security stack is robust, observable and well-integrated with Enterprise Technology and Developer Platforms
  - Guide the evolution of core controls such as endpoint protection, EDR, SIEM, email security, web security, vulnerability management, secrets management, MDM and identity governance
  - Partner with Enterprise Technology, Developer Platforms and product engineering to embed secure-by-design patterns, guardrails and self-service controls into platforms and workflows
  - Provide oversight and strategic direction for identity and access management, including identity platforms, access orchestration and privileged access
  - Ensure operational excellence for security tooling, including lifecycle management, vendor relationships and integration with incident response and monitoring workflows
- Detection, incident response and resilience
  - Oversee threat detection, monitoring and incident response programs, including a modern, automation-forward SOC capability
  - Serve as senior escalation leader for high-severity incidents, driving real-time decision-making, cross-functional coordination and executive communications
  - Ensure playbooks, tabletop exercises, red/purple team activities and crisis management plans are in place, tested and regularly updated
  - Partner with Global Security, Business Continuity and Enterprise Technology on integrated resilience programs, including disaster recovery, crisis response and resilience exercises
  - Ensure post-incident reviews lead to durable improvements in controls, processes and architecture
- Governance, risk, compliance and security education
  - Lead cybersecurity governance and risk management frameworks in alignment with NIST CSF 2.0 and other relevant standards
  - Drive the development and use of risk metrics, control health indicators and dashboards to communicate security posture to executives, Audit Committee and other stakeholders
  - Strategically support security education programs to ensure a metrics-driven approach to providing relevant training and resources to our staff
- Newsroom and high-risk user security
  - Partner with newsroom teams to support the unique threat models of journalists and other high-risk users
  - Ensure security measures and controls enable, rather than impede, high-stakes newsgathering, international rep
Additional Information
The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It's why we have a world-renowned newsroom that sends journalists to report on the ground from nearly 160 countries. It's why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination. And it's why our business strategy centers on making journalism so good that it's worth paying for.