|Current Gannett Employees- Please ensure you are using our abbreviated process on the internal Careers site by logging into Dayforce through OKTA|
Gannett Co., Inc. (NYSE: GCI) is a diversified media company with expansive reach at the national and local level dedicated to empowering and enriching communities. We seek to inspire, inform, and connect audiences as a scalable, growth focused media and digital marketing solutions company. We endeavor to deliver essential content, marketing solutions, and experiences for curated audiences, advertisers, consumers, and stakeholders by leveraging our diverse teams and suite of products to enrich the local communities and businesses we serve. Our current portfolio of trusted media brands includes the USA TODAY NETWORK, comprised of the national publication, USA TODAY, and local media organizations in the United States, and Newsquest, a wholly-owned subsidiary operating in the United Kingdom. Our digital marketing solutions brand, LocaliQ, uses innovation and software to enable small and medium-sized businesses to grow, and USA TODAY NETWORK Ventures, our events division, creates impactful consumer engagements, promotions, and races. Gannett open roles are featured on various external job boards. When applying to a position at Gannett, you should be completing an application on Gannett Careers via Dayforce. Job postings directing you to complete an application on other external sites may not be valid. To connect with us, visit www.gannett.com
The Director of Information Security will lead Gannett’s security engineering, incident response, and identity management teams to protect our digital assets and infrastructure. This role requires a strategic thinker with a deep understanding of cybersecurity, incident response, and risk management. The ideal candidate will have a proven track record in leading security initiatives, managing a team of security professionals, and hands-on technical expertise.
Key Responsibilities
- Develop and implement security strategies to protect Gannett’s digital assets.
- Lead and mentor a team of architects, engineers, and analysts to foster a culture of security awareness and continuous improvement.
- Oversee the design, implementation, and maintenance of security systems and infrastructure.
- Lead the cybersecurity incident response team, ensuring rapid and effective response to security incidents.
- Collaborate with other departments to ensure security measures are integrated into all aspects of the company’s operations.
- Conduct regular security assessments and utilize continuous monitoring technology to identify vulnerabilities and implement corrective actions.
- Prepare, document, and maintain standard operating procedures, organization standards, and policies.
- Manage and optimize SIEM & logging tools to ensure comprehensive security monitoring and incident detection.
- Oversee vulnerability management and EDR/XDR toolsets to identify and mitigate security threats proactively.
- Implement and manage Identity & Access Management (IAM) and Privileged Access Management (PAM) solutions to safeguard sensitive information.
- Maintain cybersecurity metrics and key performance indicators (KPIs), and report regularly to senior management.
- Stay current with security trends, threats, and technology solutions.
- Ensure compliance with relevant regulations and standards, including NIST, SOX, PCI, SOC2, HIPAA, and others (e.g. CCPA, GDPR, ISO)
- May require off-hours work when responding to security threats.
Qualifications
- Bachelor's degree in computer science, Information Security, or a related field preferred; advanced degree preferred or industry certification
- Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
- Strong knowledge of security frameworks and standards (e.g., NIST CSF 2.0, OWASP TOP 10, CIS CSC, MITRE ATT&CK, etc. ).
- Experience with cloud security, network security, and application security.
- Excellent problem-solving skills and the ability to work under pressure.
- Strong communication and interpersonal skills, with the ability to collaborate effectively across departments.
- Relevant certifications such as CISSP or CISM are required.
- Proficiency in managing Microsoft security products, including Microsoft Defender, Microsoft Entra, Azure Security Center, and Microsoft Sentinel.
The annualized base salary for this role will range between $150,000 and $160,000. Base compensation is reflective of many factors, including, but not limited to, the market in which one lives/works, individual education level, skills, certifications and experience. Note: variable compensation is not reflected in these figures and based on the role, may be applicable.
Gannett Co., Inc. is a proud equal opportunity employer committed to building and maintaining a diverse workforce. As such, we will consider all qualified applicants for employment and do not discriminate in connection with employment decisions on the basis of an applicant or employee’s race, color, national origin, ethnicity, ancestry, citizenship status, sex, gender, gender identity, gender expression, religion, age, marital status, personal appearance (including height and weight), sexual orientation, family responsibilities, physical or mental disability, medical condition, pregnancy status (including childbirth, breastfeeding or related medical conditions), education, genetic characteristics or information, political affiliation, military or veteran status or other classifications protected by applicable federal, state and local laws in the jurisdictions where Gannett employs employees. In addition, Gannett Co., Inc. will provide applicants who require a reasonable accommodation, as a result of an applicant’s disability or religion, to complete this employment application and/or any other process in connection with an individuals’ application for employment with Gannett Co., Inc. Applicants who require such accommodation should contact Gannett Co., Inc.’s Recruitment Department at Recruit@gannett.com.
