Analyst, Cybersecurity, Tech Compliance

About The Position

Requirements

• 3+ years of experience in a Technology Risk, Cybersecurity, IT Audit, or Compliance role
• Demonstrated project management skills. Experience managing processes end-to-end, such as an audit cycle or a recertification campaign, keeping multiple stakeholders on task and meeting deadlines

Nice To Haves

• Experience with third-party risk assessment (TPRA) processes and tools
• Direct experience in policy writing and life-cycle management
• Relevant professional certification (e.g., CISA, CISSP, CISM, CRISC, or PCIP)
• Familiarity with compliance in cloud environments (e.g., AWS, GCP)
• Experience with scripting languages, regular expressions, and APIs to automate data collection or integrate compliance tools, driving efficiency in audit or recertification processes

Responsibilities

• Lead the Cybersecurity Policy Program by overseeing the policy portfolio, ensuring all documents remain current and effective, and proactively identifying opportunities to enhance or expand policy coverage.
• Lead the cybersecurity team's role as risk reviewers within the third-party risk assessment (TPRA) process, which involves reviewing submissions, supervising evaluations, providing contract input, and partnering with Sourcing to strengthen the overall third-party risk management (TPRM) strategy.
• Support continuous compliance with PCI DSS to help ensure secure credit card transactions. This involves coordinating with internal teams, staying informed of evolving standards, monitoring credit card usage across the organization, and monitoring/processing scans and output from various security tools.
• Support periodic user access recertification for critical systems and applications. Collaborate with system owners and managers to facilitate timely reviews, track and address inappropriate access, and help iterate on and improve the overall process.
• Act as a subject matter expert (SME) on compliance and assurance activities, including supporting internal and external audits (e.g., SOX, Privacy). Also, respond to client and vendor security inquiries and assist in implementing new regulatory or compliance requirements.
• Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world.

Benefits

• dependent on your role, you may be eligible for variable pay, such as an annual bonus and restricted stock.
• Benefits may include medical, dental and vision benefits, Flexible Spending Accounts (F.S.A.s), a company-matching 401(k) plan, paid vacation, paid sick days, paid parental leave, tuition reimbursement and professional development programs.