Position Overview

Hearst Technology’s Governance, Risk & Compliance (GRC) organization is seeking a Senior Governance Lead to drive enterprise IT governance strategy, policy architecture, and IT governance program maturity across Hearst’s diverse portfolio of businesses. This role is responsible for shaping how cybersecurity and technology governance practices are defined, implemented, and adopted across Hearst companies.

The ideal candidate is a strategic governance leader who can design scalable governance frameworks, harmonize policies across organizations, and build trusted relationships with technology and security leaders across the enterprise.

Because Hearst operates in a federated environment, success in this role requires strong collaboration skills and the ability to influence governance adoption across multiple independent businesses. Hearst is also accelerating the use of AI-driven technologies to drive productivity and customer-focused innovation. Experience or familiarity with AI governance or emerging technology risk is a strong advantage.

What You'll Do

• Design and evolve the enterprise IT and cybersecurity governance framework for Hearst Technology.

• Establish and mature governance operating models, working groups, and decision forums.

• Align governance practices with industry frameworks such as NIST, ISO 27001, and COBIT to support regulatory and assurance requirements, including PCI, HIPAA, SOX, and SOC 2.

• Own the enterprise information security policy architecture and lifecycle, including harmonization across Hearst companies and management of reviews, approvals, exceptions, and communications.

• Partner with CISOs, CIOs, security leaders, and business stakeholders across Hearst companies to enable adoption of enterprise governance practices.

• Facilitate governance discussions and decision-making across enterprise and business leadership forums.

• Partner with the cybersecurity data engineering function to define governance KPIs, reporting frameworks, and executive reporting on governance maturity and risk visibility.

• Support governance for AI, automation, and emerging technologies by establishing guardrails that enable innovation while managing risk.

• Identify opportunities to improve governance scalability through analytics, automation, and AI.

What We're Looking For Required

• Bachelor’s degree in Information Technology, Computer Science, Information Systems, Cybersecurity, Business Administration, or a related discipline required. Equivalent experience may be considered in lieu of formal education.
• 8+ years of experience in IT governance, cybersecurity governance, or GRC
• Experience developing governance frameworks, policies, or enterprise standards
• Experience working in large enterprise or multi-business organizations
• Strong stakeholder management and executive communication skills
• Experience with governance frameworks such as NIST, COBIT, or ISO 27001

Preferred

• Experience working in federated organizations
• Familiarity with AI governance or emerging technology risk
• Experience developing executive-level metrics and dashboards
• Experience with modern GRC Engineering concepts, including one or more of the following:
• Governance automation or GRC platform engineering
• Continuous compliance monitoring
• Policy-as-code or machine-readable governance frameworks
• Certifications such as CISM, CRISC, CISSP, CISA, or CGEIT

In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City. The reasonable estimate, if hired in New York City, is $165,000 to $175,000. Please note this information is specific to those hired in New York City. For candidates outside New York City, the salary range will be aligned with the specific location. A final decision on the successful candidate’s starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills, experience, training, certifications, and education. Hearst provides a competitive benefits package, including medical, dental, vision, disability, and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.