Manager, Cyber Risk & Compliance

Job Description:


● Cyber Strategy, Governance, Risk Management & Compliance

○ Engage leaders from Technology and the business to understand and prioritize cybersecurity risks through formal risk assessments

○ Build and institute a cyber risk management program to focus cybersecurity investments with guidance from the Cybersecurity Steering Committee

○ Maintain a security strategy that incorporates business and technology objectives and outputs from risk assessments

○ Develop and maintain roadmaps and budgets

○ Create tools for regular reporting of the security program, activities and progress across all areas including Secure Design & Architecture and Security Operations

○ Build processes and tools to provide the business visibility of cybersecurity risks and drive accountability

○ Assist in development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate risk and compliance issues

○ Educate and advise technology and business executives as needed on technology risk and compliance issues as well as appropriate mitigation strategies and approaches related to security and risk management

● Responsible for managing the compliance program which currently includes SOX & PCI

● Build a cybersecurity-aware culture by developing and launching a creative and engaging awareness program

● Mature and formalize a third-party risk program

● Work to identify and cultivate strong relationships with members of the organization outside of Technology

● Maintain and spread awareness of trends in the threat landscape

● Serve as the primary point of contact for cybersecurity maturity reviews performed by clients

● Lead and manage members of the Risk & Compliance team, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions

● Liaise with other departments to integrate security into key organizational processes

Skills & Experience

● Professional certification in information security (for example, CISSP, CISM or CISA) required

● Minimum six (6) years of information security experience in increasingly responsible roles required

● Must have well-developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan – from strategy through to ongoing operation and process improvement

● Experienced in, and able to formulate, the cost effectiveness benefit of security initiatives in the context of overall business risk mitigation and the company’s operational objectives

● Must possess great oral and written communication skills

● Demonstrated knowledge of recognized security industry standards and leading practices (e.g., PCI, OWASP, NIST, DISA, CIS)

● Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures and cloud computing

● Experience managing a small team

Company Overview:

Dow Jones is a global provider of news and business information, delivering content to consumers and organizations around the world across multiple formats, including print, digital, mobile and live events. Dow Jones has produced unrivaled quality content for more than 125 years and today has one of the world’s largest news gathering operations globally. It produces leading publications and products including the flagship Wall Street Journal, America’s largest newspaper by paid circulation; Factiva, Barron’s, MarketWatch, Financial News, DJX, Dow Jones Risk & Compliance, Dow Jones Newswires, and Dow Jones VentureSource.

Equal Opportunity Employer:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets

Requisition ID 2015-27088

Job Locations USA – NY-NEW YORK

Job Function ..


Job Area1 Technology

Job Area2 ..
