Analyst, Cybersecurity, Tech Compliance

The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It’s why we have a world-renowned newsroom that sends journalists to report on the ground from nearly 160 countries. It’s why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination. And it’s why our business strategy centers on making journalism so good that it’s worth paying for.

About the Role

The New York Times is looking for a motivated analyst to join the team that protects our data, communications, journalists and sources. Our team ensures The New York Times remains compliant with a range of regulations, third-party requirements, and technology policies. The work ranges from managing technology policies that define necessary actions, collaborating with departments across the Company to maintain compliance and conducting assessments. As part of the Cybersecurity department, we work closely with information security teams as well as teams across technology and the business. Responsibilities:

• Lead the Cybersecurity Policy Program by overseeing the policy portfolio, ensuring all documents remain current and effective, and proactively identifying opportunities to enhance or expand policy coverage.
• Lead the cybersecurity team's role as risk reviewers within the third-party risk assessment (TPRA) process, which involves reviewing submissions, supervising evaluations, providing contract input, and partnering with Sourcing to strengthen the overall third-party risk management (TPRM) strategy.
• Support continuous compliance with PCI DSS to help ensure secure credit card transactions. This involves coordinating with internal teams, staying informed of evolving standards, monitoring credit card usage across the organization, and monitoring/processing scans and output from various security tools.
• Support periodic user access recertification for critical systems and applications. Collaborate with system owners and managers to facilitate timely reviews, track and address inappropriate access, and help iterate on and improve the overall process.
• Act as a subject matter expert (SME) on compliance and assurance activities, including supporting internal and external audits (e.g., SOX, Privacy). Also, respond to client and vendor security inquiries and assist in implementing new regulatory or compliance requirements.
• Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world.
• This role reports to the Executive Director, Cybersecurity.

Basic Qualifications:

• 3+ years of experience in a Technology Risk, Cybersecurity, IT Audit, or Compliance role
• Demonstrated project management skills. Experience managing processes end-to-end, such as an audit cycle or a recertification campaign, keeping multiple stakeholders on task and meeting deadlines

Preferred Qualifications:

• Experience with third-party risk assessment (TPRA) processes and tools
• Direct experience in policy writing and life-cycle management
• Relevant professional certification (e.g., CISA, CISSP, CISM, CRISC, or PCIP)
• Familiarity with compliance in cloud environments (e.g., AWS, GCP)
• Experience with scripting languages, regular expressions, and APIs to automate data collection or integrate compliance tools, driving efficiency in audit or recertification processes

REQ-019295 The annual base pay range for this role is between: $110,000—$120,000 USD For roles in the U.S., dependent on your role, you may be eligible for variable pay, such as an annual bonus and restricted stock. Benefits may include medical, dental and vision benefits, Flexible Spending Accounts (F.S.A.s), a company-matching 401(k) plan, paid vacation, paid sick days, paid parental leave, tuition reimbursement and professional development programs. For roles outside of the U.S., information on benefits will be provided during the interview process. The New York Times Company is committed to being the world’s best source of independent, reliable and quality journalism. To do so, we embrace a diverse workforce that has a broad range of backgrounds and experiences across our ranks, at all levels of the organization. We encourage people from all backgrounds to apply. We are an Equal Opportunity Employer and do not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The U.S. Equal Employment Opportunity Commission (EEOC)’s Know Your Rights Poster is available here. The New York Times Company will provide reasonable accommodations as required by applicable federal, state, and/or local laws. Individuals seeking an accommodation for the application or interview process should email [email protected]. Emails sent for unrelated issues, such as following up on an application, will not receive a response. The Company encourages those with criminal histories to apply, and will consider their applications in a manner consistent with applicable "Fair Chance" laws, including but not limited to the NYC Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act. For information about The New York Times' privacy practices for job applicants click here. Please beware of fraudulent job postings. Scammers may post fraudulent job opportunities, and they may even make fraudulent employment offers. This is done by bad actors to collect personal information and money from victims. All legitimate job opportunities from The New York Times will be accessible through The New York Times careers site. The New York Times will not ask job applicants for financial information or for payment, and will not refer you to a third party to do so. You should never send money to anyone who suggests they can provide employment with The New York Times. If you see a fake or fraudulent job posting, or if you suspect you have received a fraudulent offer, you can report it to The New York Times at [email protected]. You can also file a report with the Federal Trade Commission or your state attorney general. Apply tot his job Apply To this Job