Senior Governance Lead

Hearst, New York, NY
$180,000 - $225,000

About The Position

Hearst Technology’s Governance, Risk & Compliance (GRC) organization is seeking a Senior Governance Lead to drive enterprise IT governance strategy, policy architecture, and IT governance program maturity across Hearst’s diverse portfolio of businesses. This role is responsible for shaping how cybersecurity and technology governance practices are defined, implemented, and adopted across Hearst companies. The ideal candidate is a strategic governance leader who can design scalable governance frameworks, harmonize policies across organizations, and build trusted relationships with technology and security leaders across the enterprise. Because Hearst operates in a federated environment, success in this role requires strong collaboration skills and the ability to influence governance adoption across multiple independent businesses. Hearst is also accelerating the use of AI-driven technologies to drive productivity and customer-focused innovation. Experience or familiarity with AI governance or emerging technology risk is a strong advantage.

Requirements

  • Bachelor’s degree in Information Technology, Computer Science, Information Systems, Cybersecurity, Business Administration, or a related discipline required. Equivalent experience may be considered in lieu of formal education.
  • 8+ years of experience in IT governance, cybersecurity governance, or GRC
  • Experience developing governance frameworks, policies, or enterprise standards
  • Experience working in large enterprise or multi-business organizations
  • Strong stakeholder management and executive communication skills
  • Experience with governance frameworks such as NIST, COBIT, or ISO 27001

Nice To Haves

  • Experience working in federated organizations
  • Familiarity with AI governance or emerging technology risk
  • Experience developing executive-level metrics and dashboards
  • Experience with modern GRC Engineering concepts, including one or more of the following:
      • Governance automation or GRC platform engineering
      • Continuous compliance monitoring
      • Policy-as-code or machine-readable governance frameworks
  • Certifications such as CISM, CRISC, CISSP, CISA, or CGEIT

Responsibilities

  • Design and evolve the enterprise IT and cybersecurity governance framework for Hearst Technology.
  • Establish and mature governance operating models, working groups, and decision forums.
  • Align governance practices with industry frameworks such as NIST, ISO 27001, and COBIT to support regulatory and assurance requirements, including PCI, HIPAA, SOX, and SOC 2.
  • Own the enterprise information security policy architecture and lifecycle, including harmonization across Hearst companies and management of reviews, approvals, exceptions, and communications.
  • Partner with CISOs, CIOs, security leaders, and business stakeholders across Hearst companies to enable adoption of enterprise governance practices.
  • Facilitate governance discussions and decision-making across enterprise and business leadership forums.
  • Partner with the cybersecurity data engineering function to define governance KPIs, reporting frameworks, and executive reporting on governance maturity and risk visibility.
  • Support governance for AI, automation, and emerging technologies by establishing guardrails that enable innovation while managing risk.
  • Identify opportunities to improve governance scalability through analytics, automation, and AI.

Benefits

  • medical
  • dental
  • vision
  • disability
  • life insurance
  • 401(k)
  • paid holidays
  • paid time off
  • employee assistance programs