Vice President, Cybersecurity and Deputy Chief Information Security Officer

The New York TimesNew York, NY
$275,000 - $290,000Hybrid

About The Position

The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It’s why we have a world-renowned newsroom that sends journalists to report on the ground from nearly 160 countries. It’s why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination. And it’s why our business strategy centers on making journalism so good that it’s worth paying for. As Vice President, Cybersecurity and Deputy CISO, you will translate our cybersecurity strategy into operational reality. You will: Lead and integrate core security functions, including security architecture and engineering, threat detection and incident response, security operations, identity and access management, and risk and compliance. Own day-to-day cybersecurity program execution, including annual planning, roadmap delivery, operational reviews and metrics. Serve as the primary operational escalation point for significant security risks and incidents, partnering closely with Global Security, Legal, Communications, Enterprise Technology and business leaders. Act as a visible security leader with executives, senior editors and technology leaders, helping them understand risk, tradeoffs and priorities in practical terms. Serve as acting CISO when needed, including during executive forums, audits and key stakeholder meetings. This is a hybrid role based in our New York City headquarters, reporting to the CISO and Head of Enterprise Technology. You can typically expect to come into the office 3+ days per week.

Requirements

  • 12+ years of progressive experience in cybersecurity or information security, including leadership of large, complex security programs
  • Experience leading multiple security domains, such as security engineering, security operations, incident response, cloud security, identity, application security or GRC
  • Prior experience in a VP, Head of Security, Deputy CISO or similar senior leadership role with accountability for both strategy and execution
  • Deep technical understanding of modern security architectures, including cloud (AWS, GCP or similar), network, endpoint, identity and application security
  • Proven track record leading major incident response efforts and security crisis management, including communication with executives and external stakeholders
  • Strong familiarity with industry frameworks and standards such as NIST CSF, ISO 27001, SOC 2, PCI, HIPAA and data protection regulations
  • Experience working in close partnership with teams across Legal, Privacy, HR, Finance, Internal Audit and external regulators or auditors
  • Expertise building and leading diverse teams, including developing senior managers and cross-functional leaders

Nice To Haves

  • Experience securing media, news, technology or similarly fast-paced, high-profile environments with unique threat models
  • Background working directly with or supporting newsroom, high-risk user or investigative teams
  • Experience presenting to boards or audit committees and supporting public-company security and risk disclosures
  • Experience operating in a global context, including international offices, complex regulatory environments and cross-border data considerations
  • Prior experience shaping AI governance, AI security or emerging-technology security programs

Responsibilities

  • Own the day-to-day execution of the cybersecurity strategy and roadmap, ensuring alignment with company and Technology priorities
  • Translate high-level risk and board-level objectives into concrete programs, projects and measurable outcomes
  • Strategically manage the Cybersecurity budget, including coordinating with finance, setting multi-year forecasts, and managing billing workflows for Cybersecurity vendors
  • Establish and run operating rhythms for Cybersecurity, including staff meetings, portfolio reviews, operational reviews, OKRs and metrics
  • Partner with the CISO on multi-year planning, budget development and investment prioritization across tools, people and services
  • Drive continuous improvement using internal metrics, external benchmarks and findings from assessments, incidents and exercises
  • Provide senior leadership across security engineering, architecture and operations, ensuring our security stack is robust, observable and well-integrated with Enterprise Technology and Developer Platforms
  • Guide the evolution of core controls such as endpoint protection, EDR, SIEM, email security, web security, vulnerability management, secrets management, MDM and identity governance
  • Partner with Enterprise Technology, Developer Platforms and product engineering to embed secure-by-design patterns, guardrails and self-service controls into platforms and workflows
  • Provide oversight and strategic direction for identity and access management, including identity platforms, access orchestration and privileged access
  • Ensure operational excellence for security tooling, including lifecycle management, vendor relationships and integration with incident response and monitoring workflows
  • Oversee threat detection, monitoring and incident response programs, including a modern, automation-forward SOC capability.
  • Serve as senior escalation leader for high-severity incidents, driving real-time decision-making, cross-functional coordination and executive communications
  • Ensure playbooks, tabletop exercises, red/purple team activities and crisis management plans are in place, tested and regularly updated.
  • Partner with Global Security, Business Continuity and Enterprise Technology on integrated resilience programs, including disaster recovery, crisis response and resilience exercises
  • Ensure post-incident reviews lead to durable improvements in controls, processes and architecture
  • Lead cybersecurity governance and risk management frameworks in alignment with NIST CSF 2.0 and other relevant standards
  • Drive the development and use of risk metrics, control health indicators and dashboards to communicate security posture to executives, Audit Committee and other stakeholders
  • Strategically support security education programs to ensure a metrics-driven approach to providing relevant training and resources to our staff
  • Partner with newsroom teams to support the unique threat models of journalists and other high-risk users.
  • Ensure security measures and controls enable, rather than impede, high-stakes newsgathering, international reporting and sensitive investigative work
  • Support programs that protect journalists and high-risk staff across travel, field operations, online harassment and digital threats
  • Lead, mentor and develop senior managers and staff across multiple security disciplines, building a high-performing, inclusive and collaborative team
  • Foster a growth-minded, metrics-driven, blameless culture focused on learning and continuous improvement
  • Support career paths, succession planning and leadership development across Cybersecurity, including preparing future CISO-level leaders
  • Help champion security awareness and education programs that engage staff at all levels in shared security ownership
  • Engage in cross-industry collaboration and knowledge sharing to ensure that The New York Times is up-to-date on latest security events, techniques, and industry norms
  • Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world

Benefits

  • medical
  • dental
  • vision benefits
  • Flexible Spending Accounts (F.S.A.s)
  • a company-matching 401(k) plan
  • paid vacation
  • paid sick days
  • paid parental leave
  • tuition reimbursement
  • professional development programs
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service