Job description
As the Information Security Awareness Program Manager, you will be responsible for leading Hearst’s multi-channel security awareness program and ensuring information governance policy management. Your role will directly impact Hearst’s overall security posture by focusing on one of the most critical elements of our information security portfolio: our people. Your role is essential to reducing risk by ensuring employees, contractors/contingent workers, freelancers, and vendors are aware of our security requirements and have access to the appropriate governance documents that help them behave in a secure manner. The Information Security Awareness Program Manager helps our workforce understand the security threats they face in their jobs and how to defend against them. This role also supports a culture of risk reduction by applying effective change management practices. The role may include serving as a manager of one or more team members and/or third-party support.
Key responsibilities
- Leads a multi-channel security awareness program involving key stakeholders throughout the organization, including business and corporate function representatives, to understand risks, business objectives, and policy requirements
- Manages security awareness training to ensure all levels of the workforce understand the principles of cyber security, supported by effective change management strategies
- Structures the program to instill long-term behavioral and cultural changes by blending information security, governance, facilitation, and principles of project management
- Vets security awareness content with the appropriate stakeholders before releasing to the workforce
- Creates and maintains a portfolio of interactive awareness campaigns and corresponding, recurring reporting capabilities; oversees the day-to-day operation of the phishing simulations program, including metrics analyses and frequent reporting
- Develops, analyzes, and reports on security awareness metrics; works with key stakeholders to drive adoption of the security awareness program by providing key insights into the workforce’s security awareness, training, and behaviors related to using Hearst’s networks
- Provides end user-focused content and resources to educate and enable the workforce to perform their jobs securely, regardless of the devices they are using or work location
- Administers a remedial training program that enhances end user awareness
- Displays practical knowledge of different program channels to ensure end users continually demonstrate the behaviors necessary to reduce the ‘human factors’ risk
- Leads the metrics and dashboard initiative; works with Hearst business leaders and Hearst Technology Services Leads to identify, develop, and maintain metrics that provide cyber insights into key business process areas
- Assesses metrics, communicates emerging trends, and participates in sessions designed to identify recommendations and solutions
- Leads focus groups and workshops to identify, develop, and assess measurable, outcome-driven metrics
- Produces recurring metrics reports to key stakeholders at the corporate and business group/unit level for informed decision-making and participates in briefings as needed to communicate metrics information and stakeholders’ status
- Gathers information, analyzes trends, and provides recommendations to stakeholders aligned to information governance standards
- Facilitates and conducts workshops for deep-dive discussions, business analysis, collection of requirements, and requirement reviews
- Applies knowledge of governance and compliance, including policy, process, governance, controls frameworks, and regulatory environments
- Assists in preparing for quarterly and ad hoc governance meetings, as needed
- Provides materials for security awareness and education projects and initiatives
- This role also entails serving as the Hearst Technology Services Change Manager and administering the change management program
- Facilitates Hearst Technology Services’ Change Advisory Board meetings
- Facilitates discussion of change requests submitted through ServiceNow to ensure members of the Change Advisory Board and invited subject matter experts raise awareness of risks regarding changes to assets in the production environment
- Prepares and maintains documentation directly supporting change management
- Participates in change management strategy sessions to help establish a cohesive, enterprise-wide program, including changes to core infrastructure
- May be involved in the contractual documentation process related to security training
- Maintains the Hearst Information Security SharePoint site
Knowledge, Skills and Experience Requirements
- 7+ years of security awareness experience working in information security and demonstrable understanding of information security concepts
- Solutions driven, strategic thinker who can quickly understand complex security issues and develop the right content for the need
- Proven track record in preparing compelling training for broad audiences
- Strong situational analysis and decision-making abilities involving differing businesses
- Maintains agility; able to work across multiple demands, shifting priorities, and rapid change
- Experience deploying annual training and developing ad hoc, role-based training needed to address threats that challenge the workforce
- Able to maintain awareness of security trends and the current threat landscape
- Excellent verbal and written communication, analysis, problem-solving, team, conflict management, and time management skills, with minimal supervision
- Ability to work effectively with business partners, including cross-functional teams, virtual and global teams, and vendor partners positioned in businesses throughout the enterprise
- Able to develop and maintain policies, guidelines, and standards to help ensure a workforce informed of information security requirements and expectations
- Experience measuring effectiveness of security awareness to a global audience leveraging PowerBI and other platforms
- Technical acumen with SharePoint, JIRA, Excel, ProofPoint, ServiceNow, and other business analysis tools preferable
- Working knowledge of the NIST Cyber Security Framework
- Ability to perform as an active, integral part of a team of problem solvers, helping to solve complex business issues from strategy to execution
Education
- Bachelor's degree from a four-year college or university, or equivalent training or education in disciplines such as information/cyber security, computer systems, technology, and behavioral sciences/analytics
- CSAP, CISM, CGEIT, GIAC, and/or other equivalent certifications are desirable; understanding the principles of PMP would be helpful to the role
In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City. The reasonable estimate, if hired in New York City, is $110,000-140,000. Please note this information is specific to those hired in New York City. If this role is open to candidates outside of New York City, the salary range would be aligned to that specific location. A final decision on the successful candidate’s starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills and experience, training, certifications, and education.
Hearst provides a competitive benefits package, including medical, dental, vision, disability and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.
Hearst is a leading global, diversified media, information and services company with more than 360 businesses. Its major interests include ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; transportation assets including CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; 33 television stations such as WCVB-TV in Boston and KCRA-TV in Sacramento, California, which reach a combined 19% of U.S. viewers; newspapers such as the Houston Chronicle, San Francisco Chronicle and Times Union (Albany, New York); more than 300 magazines around the world, including Cosmopolitan, ELLE, Men's Health and Car and Driver, and digital services businesses such as iCrossing and KUBRA; and investments in emerging digital entertainment companies such as Complex Networks.
Hearst is an Equal Employment/Affirmative Action employer. Hearst does not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, veteran status, or any other characteristic protected by federal, state, or local law. Follow us on Twitter @Hearst. To learn more about Hearst, visit hearst.com.
As part of its continued efforts to maintain a safe workplace for employees, Hearst requires that all employees who receive a written offer of employment on or after November 8, 2021 be fully vaccinated (as defined by the CDC) against the coronavirus by the first day of employment as a condition of employment, to the extent permitted by applicable law. Hearst will consider requests for reasonable accommodations due to medical and/or religious reasons on an individual basis in accordance with applicable legal requirements.