Vice President, Cybersecurity and Deputy Chief Information Security Officer
Thenewyorktimes · New York, NY · Posted Jul 8, 2026
Apply on company site Track it in JobSkout
The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It’s why we have a world-renowned newsroom that sends journalists to report on the ground from nearly 160 countries. It’s why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination. And it’s why our business strategy centers on making journalism so good that it’s worth paying for.
About the Role:
As Vice President, Cybersecurity and Deputy CISO, you will translate our cybersecurity strategy into operational reality.
You will:
Lead and integrate core security functions, including security architecture and engineering, threat detection and incident response, security operations, identity and access management, and risk and compliance.
Own day-to-day cybersecurity program execution, including annual planning, roadmap delivery, operational reviews and metrics.
Serve as the primary operational escalation point for significant security risks and incidents, partnering closely with Global Security, Legal, Communications, Enterprise Technology and business leaders.
Act as a visible security leader with executives, senior editors and technology leaders, helping them understand risk, tradeoffs and priorities in practical terms.
Serve as acting CISO when needed, including during executive forums, audits and key stakeholder meetings.
This is a hybrid role based in our New York City headquarters, reporting to the CISO and Head of Enterprise Technology. You can typically expect to come into the office 3+ days per week.
Responsibilities:
Program leadership and strategy execution
Own the day-to-day execution of the cybersecurity strategy and roadmap, ensuring alignment with company and Technology priorities
Translate high-level risk and board-level objectives into concrete programs, projects and measurable outcomes
Strategically manage the Cybersecurity budget, including coordinating with finance, setting multi-year forecasts, and managing billing workflows for Cybersecurity vendors
Establish and run operating rhythms for Cybersecurity, including staff meetings, portfolio reviews, operational reviews, OKRs and metrics
Partner with the CISO on multi-year planning, budget development and investment prioritization across tools, people and services
Drive continuous improvement using internal metrics, external benchmarks and findings from assessments, incidents and exercises
Security architecture, engineering and operations
Provide senior leadership across security engineering, architecture and operations, ensuring our security stack is robust, observable and well-integrated with Enterprise Technology and Developer Platforms
Guide the evolution of core controls such as endpoint protection, EDR, SIEM, email security, web security, vulnerability management, secrets management, MDM and identity governance
Partner with Enterprise Technology, Developer Platforms and product engineering to embed secure-by-design patterns, guardrails and self-service controls into platforms and workflows
Provide oversight and strategic direction for identity and access management, including identity platforms, access orchestration and privileged access
Ensure operational excellence for security tooling, including lifecycle management, vendor relationships and integration with incident response and monitoring workflows
Detection, incident response and resilience
Oversee threat detection, monitoring and incident response programs, including a modern, automation-forward SOC capability.
Serve as senior escalation leader for high-severity incidents, driving real-time decision-making, cross-functional coordination and executive communications
Ensure playbooks, tabletop exercises, red/purple team activities and crisis management plans are in place, tested and regularly updated.
Partner with Global Security, Business Continuity and Enterprise Technology on integrated resilience programs, including disaster recovery, crisis response and resilience exercises
Ensure post-incident reviews lead to durable improvements in controls, processes and architecture
Governance, risk, compliance and security education
Lead cybersecurity governance and risk management frameworks in alignment with NIST CSF 2.0 and other relevant standards
Drive the development and use of risk metrics, control health indicators and dashboards to communicate security posture to executives, Audit Committee and other stakeholders
Strategically support security education programs to ensure a metrics-driven approach to providing relevant training and resources to our staff
Newsroom and high-risk user security
Partner with newsroom teams to support the unique threat models of journalists and other high-risk users.
Ensure security measures and controls enable, rather than impede, high-stakes newsgathering, international re…