Chief Information Security Officer
NantMedia Holdings (Los Angeles Times and the San Diego-Union Tribune)
Los Angeles, CA
Join a team of innovators, journalists, and technologists who are making an impact every day at one of the most iconic media brands in the nation. In today’s climate, how we work, what we produce and how we connect matters more than ever. If you are passionate about journalism and want to drive our award-winning powerhouse in new directions, the Los Angeles Times and the San Diego-Union Tribune (which make up the company NantMedia Holdings) is the place to be.
The Los Angeles Times is the largest metropolitan daily newspaper in the country, with a daily readership of 1.3 million and 2 million on Sunday, more than 30 million unique latimes.com visitors monthly and a combined print and online local weekly audience of 4.6 million. The Pulitzer Prize-winning Times has been covering Southern California for more than 139 years.
The San Diego Union-Tribune is San Diego’s largest media company and its oldest business, dating back to the founding of the Union in 1868. Today, Union-Tribune publications reach more than 96 percent of San Diego County households each week. The company portfolio includes its Pulitzer Prize-winning newspaper, The San Diego Union-Tribune; the region’s leading website, SanDiegoUnionTribune.com; weekly entertainment guide Night + Day; lifestyle magazine Pacific San Diego; Spanish-language weekly Hoy San Diego; and nine community newspapers: the La Jolla Light; Del Mar Times; Encinitas Advocate; Solana Beach Sun; Carmel Valley Times; Poway News Chieftain; Rancho Santa Fe Review; Ramona Sentinel and Rancho Bernardo News Journal.
This position will be based in their El Segundo, CA office, but is currently remote.
The Position: Chief Information Security Officer
We are looking for a Chief Information Security Officer who will be responsible for establishing, leading, and maintaining the information security program to ensure that information data assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the innovative, industry leading digital ecosystem in which NantMedia operates. The Chief Information Security Officer is responsible for identifying, evaluating and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while driving and enabling the business objectives of NantMedia.
A day in the life of a Chief Information Security Officer at NantMedia includes:
Develop and implement a world-class information security program that enables the digital objectives of NantMedia while ensuring the confidentiality, integrity and availability of our digital assets which program addresses Governance, Data Collection & Privacy, Leadership on Security Issues, Strategy Setting, Develop the Framework, Create Internal and External Network and Operate the Function.
- Facilitate an information security governance structure through the implementation of a hierarchical governance program, including the formation of an information security steering committee with regular reporting to senior business leaders.
- Work with purchasing and legal to ensure that information security requirements are included in contracts.
- Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
- Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
Data Collection & Privacy Issues
- Overseeing data collection, use, sharing, management, retention and protection practices and policies.
- Partnering with Legal on compliance with data protection and privacy laws.
- Supporting investigations involving unauthorized data access and disclosure.
- Leadership on Security Issues
- Lead the information security function across the enterprise to ensure consistent and high-quality information security management in support of organizational goals.
- Determine the optimal information security approach and operating model in consultation with key stakeholders.
- Manage the budget for the information security function.
- Manage the cost-efficient information security organization, consisting of direct reports, dotted line and outsourced resources.
- Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
- Work effectively with operating units to facilitate information security risk assessment and risk management processes and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.
Develop the Framework
- Develop and enhance an up-to-date information security management framework based on COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Develop, maintain, approve and publish a document framework of continuously up-to-date information security policies, standards and guidelines.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the senior executive levels.
Create Internal and External Networks
- Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
- Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
- Work with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of NantMedia is processed and stored in accordance with applicable laws and other global regulatory requirements.
- Collaborate with legal counsel to ensure that data privacy requirements are included where applicable
Operate the Function
- Create a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
- Define and facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
- Oversee technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk.
- Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Coordinate the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
- Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
- Knowledge and understanding of relevant legal and regulatory requirements, such as: Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard (PCI DSS), and Health Information Trust Alliance (HITRUST).
- Knowledge of data protection and privacy laws, such as: California Privacy Rights Act (CCPA) and California Consumer Privacy Act (CPRA) with related compliance and operational application.
- Knowledge and understanding of COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
- Up-to-date knowledge of methodologies and trends in both business and IT
- CISSP certification required
- Minimum of 8 to 12 years of experience in information security and IT
- Bachelor’s degree in a related field.
- Experience as a strategic leader and builder of both vision and bridges, who has demonstrated experience in energizing the appropriate teams in the organization.
- Experience in functioning in fast paced, large organization.
- Calmness and clarity of thought while under pressure.
- An understanding of strategic organization objectives and the ability to drive results toward those objectives.
- Openness to, and the ability to deal with, rapid change in needs, processes and technologies.
- Strong communication skills with a proven ability to understand key concepts and communicate effectively with technical staff, key stakeholders and senior management.
- Proven ability to communicate technical concepts to nontechnical people to enhance understanding and drive decisions that lead to positive outcomes.
- Proven ability to collaborate, build relationships and influence individuals at all levels in a matrix-management environment (as well as external vendors and service providers) to ensure that segregation and overlapping roles are identified and coordinated.
- Strong organizational skills, the ability to perform under pressure and management of multiple priorities with competing demands for resources.
- Strong analytical, data-processing and problem-solving skills.
- Proficiency in process formulation and improvement.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objective.
- Project management skills: financial/budget management, scheduling and resource management.
- Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
- A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital
Preferred Education, Knowledge, Skills and Abilities
- Master's degree
- CISM certification desired
- Experience in Banking, Government, Financial Industry, Cyber Response or Forensics
- Experience in managing and supporting data incidents and breaches
- IAPP certification(s) a plus
WHY A QUALIFIED PROFESSIONAL SHOULD PURSUE THIS JOB
While the Los Angeles Times and the San Diego Union Tribune are storied enterprises dating back to the 19th Century with the highest journalistic quality, they have been forward-looking—organizationally and technologically—in recent years. Now is a great time to bring your cybersecurity leadership experience to be a part of the future of NantMedia Holdings and all that the company has to offer its global readership and stakeholders.
NantMedia Holdings has retained Diligent Partners with the exclusive management of this important search.
Senior Director/Director, Solutions Delivery
O'Neil Digital Solutions
Los Angeles, CA or Plano, TX
O’Neil Digital Solutions, https://www.oneildigitalsolutions.com, a company of Data Analysis Inc. and founded by William O’Neil, has been a recognized leader in technology-driven, marketing communication services for nearly five decades. Forward-thinking, resourceful, and nimble, O’Neil Digital Solutions (ODS) specializes in Customer Communication Management (CCM) and provides solutions for Customer Experience Management (CXM) primarily for the Healthcare, Insurance, and Financial Services industries. One of its innovative products, ONEsuite, is a robust CCM/CXM platform that supports every stakeholder throughout a client’s enterprise. ODS continues to add capabilities to ONEsuite and has branched out to develop other software products.
ODS Product and Technology is a newly formed division consisting of multiple departments previously in Engineering. This division is focused on software product research, development, and innovation. Product and Technology is a matrixed division, and this role will reside within the Professional Services department of that division.
The Position: Senior Director, Solutions Delivery
ODS seeks an experienced Director or Senior Director who can quickly understand business concepts and client challenges, effectively handle ambiguous situations, be hands-on technically if needed, and is fluent in facilitation and pragmatic project management, including the use of negotiation skills and influence to drive projects to completion in a timely and efficient manner. Some travel may be required on occasion, but most work is anticipated to be in office. The actual level, title, and responsibilities of the position may be adjusted, based upon the candidate.
- Effectively manage implementation of ODS products and customized solutions for clients that operate in compliance-driven environments and deadlines. This includes but is not limited to:
- Confirm alignment of products and solutions with clients’ business needs
- Define program and project planning that aligns with both client and ODS considerations
- Work with various parties to shape methodology details for the engagement
- Own and lead all aspects of program / project delivery and implementation, including partnering with other ODS departments and divisions
- Implement established as well as first version/generation products
- Review business requirements / requests and negotiate gaps with appropriate level of engagement
- Apply technical, product, and business knowledge to review soundness of implementation, as well as confirm schedules and resources are appropriate and balanced for all parties
- Identify, own, and produce pragmatic and applicable program and project management-related deliverables using ODS-standard tools
- Work with clients and ODS teams across multiple locations and time zones
- Identify and position ODS toward future opportunities with clients
- Frequently engage with ODS product teams to understand product and team capabilities and boundaries, including product roadmaps and new features, resource availability, etc.
- Mentor and provide leadership to ODS teams including those in other divisions and departments
- Create growth and development opportunities for ODS staff
- Shape and define various standards & practices as the division grows
- Perform other responsibilities and tasks as they arise
- Practice effective interpersonal and communication skills
- Operate and manage through influence, rather than exclusively through authority
- Can handle highly ambiguous situations and easily adapt to circumstances, even without prior experience or knowledge of such situations
- Effectively navigate competing directions and priorities amongst various parties
- Maintain a sense of ownership at multiple levels, including team and company-level
- Have a natural curiosity and initiative to continuously learn and be able to apply new knowledge effectively and quickly
- Create and lead teams of various levels and roles to success, whether existing or new team members, focusing on maximizing strengths of individuals and balancing team chemistry
- Mentor and support growth of others beyond just direct reports or teams
- Program/project management
- 4+ years in project management
- Senior Director: additional 3+ years in program management
- Successfully delivered multiple complex data-driven and/or transaction-based projects, each including a complex data integration requirement with at least one other system owned by another company (package or custom)
- Implemented custom (non-package) data-driven solutions
- Applied and tailored at least one kind of non-waterfall implementation methodology (Senior Director: multiple kinds of methodologies)
- Led multiple, concurrent projects for at least 2 different clients or stakeholders
- Preferred: experience with various project team sizes and durations
- Preferred: effectively used at least 2 different vendors’ work / project management tools
- Technical experience
- 3+ years in hands-on software engineering/development, including at least 2+ years of SQL or data-driven solutions
- Knowledge of at least 2 different programming languages such that could be effective in code reviews
- Preferred: Applied and contributed to development best practices
- Preferred: Participated in systems architecture, design, and/or integration of complex data-driven and/or transition-based solutions
- Management experience
- Managed a team of at least seven full time equivalents (FTEs), including HR management reporting responsibilities
- Senior Director: Managed direct reports based in a different time zone
- Preferred: Inherited and transformed a team
- Industry/business experience
- 4+ years working with clients or users to gather or review requirements
- Preferred: Worked in at least 2 different industries
- Preferred: Worked at any level for both a larger / slower corporate organization as well as a separate startup, high tech, or entrepreneurial company that wasn’t acquired by the former
- Preferred: Management consulting experience on the technical solutions side with one of the Big X firms
- Bachelor’s degree minimum required
- Nice to have: degree in a STEM discipline
ODS offers a competitive compensation package including a 401(k) savings plan, medical/dental/life insurance coverage, flexible spending and dependent care plan, unlimited PTO, holidays, and profit-sharing benefits.
WHY A QUALIFIED PROFESSIONAL SHOULD PURSUE THIS OPPORTUNITY
This is an ideal role for a Director or Senior Director who has led complex software development projects for IT consulting firms/practices, technology start-ups or such industries as Financial Services, Healthcare, or Media & Entertainment. Candidates who reflect all the skills, meet many of the criteria, but may be less experienced or have different experiences, are also encouraged to apply. ODS projects are unique and fascinating, leverage digital technologies, and will allow you an opportunity to grow and shape yourself and your resources into an efficient, cohesive, high performing team.
As a company, ODS transforms highly complex data into rich, customer-centric communications, and it is doing extraordinarily well in this market segment. Companies in Healthcare, Financial Services, and other major industries rely on ODS for high-volume, high-mix communications that are accurate, timely, and secure. ODS’s customer-centric applications and services include electronic document delivery, mobile and web applications, high-speed digital printing (color and black & white), automated composition, offset printing, warehousing, and fulfillment services. ODS is a solution-based company that offers customers forward thinking solutions to design, create, print, and distribute their client communications as well as solve other business problems. Collectively, ODS’s team of industry experts has over 200 years’ worth of experience and expertise in publishing services and enjoy a global reputation for excellence and innovation. Their broad knowledge base enables it to build and manage innovative solutions for a diverse customer base. They infuse each project with experience and technology tailored to meet each client’s unique requirements.
O’Neil Digital Solutions has retained Diligent Partners with the exclusive management of this important search.