Cybersecurity Audit Supervisor

The Role: Hearst's Internal Audit Department is seeking an experienced Cybersecurity Audit Supervisor to lead the development and execution of a comprehensive cybersecurity audit program. The Cybersecurity Audit Supervisor is responsible for identifying and evaluating risks, assessing the design and effectiveness of cybersecurity controls, and providing independent and objective reporting to key stakeholders across Hearst. Hearst is looking for a team player who is enthusiastic about creating a culture of accountability and integrity.

The Team: The Cybersecurity team is a newly formed group within the Hearst Internal Audit Department and is dedicated to providing independent and objective audits over the organization's cybersecurity risk management and control environment. Our mission is to continuously evaluate and strengthen Hearst's cybersecurity framework, ensuring resilience against evolving cyber risks and compliance with company policy, industry standards, and regulations. 

The Company: Hearst is one of the nation’s largest global, diversified information, services and media companies. Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives. The company’s diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world. Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming. With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.

Job Description/Key Responsibilities:

• Develop and implement a risk-based cybersecurity audit plan that aligns with industry frameworks (e.g., NIST CSF) and regulatory requirements. 
• Lead and execute cybersecurity audits across Hearst's diverse business units, assessing the design and operating effectiveness of controls. 
• Evaluate the adequacy of cybersecurity risk management processes and governance structures. 

Partner with the second line of defense (e.g., risk management, compliance) to leverage their expertise and insights in cybersecurity risk management.

• Prepare comprehensive audit reports that clearly communicate findings, risks, and actionable recommendations to senior management and the board. 
• Track and report on the implementation of management's action plans to address audit findings. 
• Stay abreast of the latest cybersecurity trends and best practices to ensure the audit program remains relevant and effective. 
• Provide technical guidance and training to the wider Hearst Internal Audit Department. 
• Build and maintain strong relationships with stakeholders across the organization to foster a culture of cybersecurity awareness and collaboration.
• Other duties as assigned.

Preferred Knowledge and Skills:

• Experience with cybersecurity risk management in a large, complex organization.
• Proven understanding of cybersecurity frameworks (e.g., NIST CSF), risk management principles, and regulatory requirements. 
• Experience with various audit methodologies and techniques, including risk-based auditing.
• Experience with cybersecurity or IT audit, with a proven track record of leading and executing audits.
• Knowledge of relevant cybersecurity laws, regulations, and industry standards (e.g., NIST CSF, ISO 27001, GDPR). 
• Experience with cloud security and other emerging technologies.
• Positive attitude who is self-motivated with a strong work ethic.
• Inquisitive critical thinker who is professionally skeptical.
• Ability to motivate and guide others, with a drive for continuous improvement.
• Demonstrated analytical abilities.
• Excellent oral and written communication skills with the ability to effectively communicate with business leaders across all levels of the organization.
• Strong project management and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.
• Refined interpersonal skills with the ability to collaborate confidently and professionally with a diverse range of people.

Required Qualifications: 

• Big 4 experience. 
• 3+ years of relevant work experience in cyber auditing. 
• Professional certification such as CISA, CISSP, CISM, or other relevant designations.
• Fluent in English. Additional languages are a plus.
• Ability to travel based on the scope of businesses subject to testing.