Senior Director, Information Security

The USA TODAY Network, part of the Gannett Co. Inc. (GCI), is a next-generation media company that empowers communities to connect, act, and thrive. We are headquartered in McLean, VA and have unparalleled local-to-national reach, successfully connecting consumers, communities and businesses. With the iconic USA TODAY, 109 strong local media organizations in 33 states and Guam, and with more than 160 local news brands online in the U.K., we provide rich content through hundreds of outstanding affiliated digital, mobile and print products. Our goal is to re-imagine our traditional media roots. This is achieved by creating innovative products and services that leverage our role as an information provider and reach our customers whenever and wherever. Explore the possibilities as a Senior Director, Information Security inside our Enterprise Computing and Risk Management team.

The Senior Director, Information Security will serve as a central point of strategic planning, coordination, and execution of cyber and information security activities across the company. The role will be part of the Gannett Technology organization, reporting to the Vice President of Enterprise Computing and Risk Management, and will directly manage our security engineering team.

Cybersecurity has evolved to be much more than traditional “IT security”, as such the Senior Director, Information Security will work across multiple divisions to bring a holistic approach to the company’s information security initiatives. This will include a cyber security awareness culture by creating and further enhancing engagement awareness programs that reach through the company. This includes working with leadership across Finance, HR, Legal, the newsrooms, as well digital product management and print publishing services.

While staying abreast of latest technology and industry developments around cybersecurity, this role will be our liaison to peers, partners, and law enforcement as related to security activities and incident response.

Other responsibilities will include:

  • Manage company-wide information security governance processes.
  • Establish recurring and long-range security and compliance goals and KPIs. Define metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
  • Recruit and retain high-performing cybersecurity talent. Mentor and directly manage the team towards its core mission.
  • Participate and contribute to internal and external audits relevant to information security and compliance. This includes the responsibility of managing the compliance that currently includes SOX and PCI.
  • Create education and awareness programs and advise teams at all levels on security issues, best practices, and vulnerabilities.
  • Keep abreast of security incidents and act as primary control point during significant information security incidents.
  • Develop an incident response program and protocol. Convene a Security Incident Response Team (SIRT) as needed in addressing and investigating security incidences that arise.
  • Perform special projects and other duties as assigned.

Key Characteristics:

  • Curious and energetic
  • Collaborative and communicative
  • Enthusiastic advocate of security
  • Graceful and controlled under pressure
  • Strong leader and manager of people and teams

Strong Knowledge of following technologies and standards:

  • Identity Management and Security
  • Endpoint protection, device and mobile security
  • Cloud security
  • Cryptography basics (symmetric ciphers, asymmetric ciphers, digital signatures, X.509 certificates)
  • Strong computing fundamentals including: networking protocols (TCP/IP, TLS, HTTP, LAN/WAN), program execution and control flow (processes, forking, syscalls, call stack)
  • Intrusion Detection and Prevention
  • ISO, ANSI, and NIST standards around cybersecurity
  • Working knowledge of security tools, including: NMAP, Nessus, TCPDump, Wireshark, Netcat, and Metasploit
  • ISO / IEC 27000 standards series, ISACA and COBIT
  • Familiarity with the OWASP Top 10, and common attack vectors
  • State and Federal laws governing public companies as related to Information Security
  • PII and privacy standards
  • Special topics relevant to the media industry, such as malvertisement and bot traffic.


  • BS or MS in an Information Technology related field, or equivalent relevant experience.
  • 12 years of professional experience in technical environments, with at least 4 of those years focused on cybersecurity and at least 5 years of management experience.
  • Experience in large national or international companies with a geographically dispersed workforce.
  • Experience in digital media and/or internet driven businesses.

We are a drug free, EEO employer committed to a diverse workforce. We will consider all qualified candidates regardless of race, color, national origin, sex, age, marital status, personal appearance, sexual orientation, family responsibilities, disability, education, political affiliation or veteran status.

Back to top