The Team: The Cybersecurity team is a growing group within the Hearst Internal Audit Department dedicated to providing independent and objective assurance over the organization’s cybersecurity risk management and control environment. The team partners with business units and technology stakeholders to assess risk, strengthen controls, and support continuous improvement across Hearst’s diverse global portfolio.

 

Job Description/Key Responsibilities:

• Assist in the planning and execution of cybersecurity and IT audits under the direction of audit leadership, including walkthroughs, control testing, and evidence evaluation.

• Perform testing of security controls related to access management, vulnerability management, change management, incident response, and third‑party risk.

• Document audit procedures, results, and conclusions in accordance with Internal Audit standards and methodologies.

• Identify control gaps and potential risks, escalating observations to senior team members with supporting evidence.

• Support risk assessments and audit scoping activities by gathering background information on systems, processes, and technologies.

• Participate in meetings with business and technology stakeholders to understand processes and validate audit observations.

• Track remediation activities and assist in follow‑up testing to validate corrective actions.

• Leverage AI-enabled tools and automation to enhance audit efficiency, including data analysis, documentation, risk identification, and research activities, while applying professional judgment to validate outputs.

• Stay current on basic cybersecurity concepts, emerging threats, and industry standards to continuously build technical and audit knowledge.

Preferred Knowledge and Skills:

• Foundational Cybersecurity Knowledge: Understanding of core security domains such as identity and access management, network security, vulnerability management, and secure system configuration.

• Audit & Risk Mindset: Familiarity with internal audit concepts, risk assessment, and control testing methodologies.

• Framework Awareness: Working knowledge of cybersecurity and IT frameworks such as NIST CSF, ISO 27001, COBIT, or CIS Controls.

• Analytical Skills: Ability to analyze evidence, identify inconsistencies, and clearly document findings.

• Communication Skills: Ability to communicate effectively with audit team members and stakeholders, both verbally and in writing.

• Collaboration & Learning Orientation: Willingness to learn, accept feedback, and work collaboratively within a team environment.

Required Qualifications: 

• 3–6 years of experience in IT audit, cybersecurity, information security, or a related technical field.

• Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, related discipline, or relevant military IT, cyber operations, or intelligence experience providing equivalent technical and operational expertise.

• Prior experience with a Big Four public accounting firm (Deloitte, PwC, EY, or KPMG), typically 2–4 years, with a focus on IT audit, cybersecurity, or technology risk.

• Active professional certification required: CISA, Security+, and/or CISSP.

• Strong understanding of enterprise technology environments, security controls, and risk management concepts.

• Ability to operate effectively in a multinational corporate environment and collaborate with diverse technical and business stakeholders.

• Willingness and ability to travel domestically and internationally up to approximately 25–30% as part of audit activities.

• Fluent in English.

 

We operate a hybrid work environment. During weeks of non-travel, 3 days a week in the Charlotte, NC office is required.