Tuesday, November 23, 2021
Gannett Co., Inc. (NYSE: GCI) is a subscription-led and digitally focused media and marketing solutions company committed to empowering communities to thrive. With an unmatched reach at the national and local level, Gannett touches the lives of millions with our Pulitzer-Prize winning content, consumer experiences and benefits, and advertiser products and services.
Our current portfolio of media assets includes USA TODAY, local media organizations in 46 states in the U.S., and Newsquest, a wholly owned subsidiary operating in the United Kingdom with more than 120 local news media brands. Gannett also owns the digital marketing services companies ReachLocal, Inc., UpCurve, Inc., and WordStream, Inc., which are marketed under the LOCALiQ brand, and runs the largest media-owned events business in the U.S., USA TODAY NETWORK Ventures.
To connect with us, visitwww.gannett.com
The purpose of the Principle IT Compliance Analyst role is to drive overall effectiveness of the companys Cybersecurity Governance, Risk and Compliance program. The Principle Analyst engages in complex and concurrent projects or audit activities as directed by senior management supporting compliance activity (SOX, PCI, Privacy, and similar standards) as a subject matter expert demonstrating depth and breadth of knowledge that includes technology, operational, financial, and regulatory understanding across multiple compliance areas.The position will report directly to the Director of Technology Compliance and Risk Management and will be expected to engage with Information Security and other teams within Technology and senior management.
- Lead and contribute to the design and implementation of IT General and Application Controls to ensure Gannetts compliance obligations are met (e.g.: PCI, SOX, HIPAA, Privacy, etc.). Provide coordination and support for internal and external audits.
- Owns the IT policy catalog / repository and conducts IT policy reviews. Reviews, revises, and where appropriate, proposes new policies and procedures to ensure compliance with applicable laws and regulations. Leads IT Risk & Compliance activity through development of new or updated IT related policies.
- Facilitates risk assessments to evaluate, prioritize, and quantify the potential impact of risks and vulnerabilities associated with controls, systems, and findings.
Assess the company's control environment using the NIST Cybersecurity Framework (CSF). Contribute to the design and implementation of IT security controls to ensure Gannett's compliance with NIST CSF.
- Assess the company's control environment using the NIST Cybersecurity Framework (CSF). Contribute to the design and implementation of IT security controls to ensure Gannett's compliance with NIST CSF.
- Serve as a member of compliance, security, and other boards and committees as needed.
- Bachelor's or masters degree in a computer or information management, or other related fields.
- Certified in Risk and Information Systems Controls (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), or Certified Information Security Manager (CISM).
- 7-10 years of experience in Information Technology Compliance, Audit or Risk Management in the following areas: Developing, evaluating or implementing IT General and Application controls; Developing cybersecurity and technology policies; Supporting an enterprise-wide cybersecurity metrics and reporting program
- Supporting an IT third-party management program.
- Intimate understanding of Sarbanes Oxley, PCI, HIPAA and Privacy.
- Excellent documentation and communication skills.
- Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate.
- Strong organizational skills.
- Detail-oriented, focus on developing solutions from the ground up.
- Self-motivated, inquisitive.
- Level of adaptability; open to changes in organization or process.
- Desire to stay ahead of emerging trends.
- Ability to manage time and balance multiple projects.
- Strong understanding of various technologies (servers, networking, virtualization, client devices, and cloud) and security controls needed to protect them.
Gannett Co., Inc. is a proud equal opportunity employer committed to building and maintaining a diverse workforce. As such, we will consider all qualified applicants for employment and do not discriminate in connection with employment decisions on the basis of an applicant or employees race, color, national origin, ethnicity, ancestry, citizenship status, sex, gender, gender identity, gender expression, religion, age, marital status, personal appearance (including height and weight), sexual orientation, family responsibilities, physical or mental disability, medical condition, pregnancy status (including childbirth, breastfeeding or related medical conditions), education, genetic characteristics or information, political affiliation, military or veteran status or other classifications protected by applicable federal, state and local laws in the jurisdictions where Gannett employs employees.
In addition, Gannett Co., Inc. will provide applicants who require a reasonable accommodation, as a result of an applicants disability or religion, to complete this employment application and/or any other process in connection with an individuals application for employment with Gannett Co., Inc. Applicants who require such accommodation should contact Gannett Co., Inc.s Recruitment Department at Recruit@gannett.com.