The Team: The Cybersecurity team is a growing group within the Hearst Internal Audit Department dedicated to providing independent and objective assurance over the organization’s cybersecurity risk management and control environment. The team partners with business units and technology stakeholders to assess risk, strengthen controls, and support continuous improvement across Hearst’s diverse global portfolio.
/Key Responsibilities:
Assist in the planning and execution of cybersecurity and IT audits under the direction of audit leadership, including walkthroughs, control testing, and evidence evaluation.
Perform testing of security controls related to access management, vulnerability management, change management, incident response, and third‑party risk.
Document audit procedures, results, and conclusions in accordance with Internal Audit standards and methodologies.
Identify control gaps and potential risks, escalating observations to senior team members with supporting evidence.
Support risk assessments and audit scoping activities by gathering background information on systems, processes, and technologies.
Participate in meetings with business and technology stakeholders to understand processes and validate audit observations.
Track remediation activities and assist in follow‑up testing to validate corrective actions.
Leverage AI-enabled tools and automation to enhance audit efficiency, including data analysis, documentation, risk identification, and research activities, while applying professional judgment to validate outputs.
Stay current on basic cybersecurity concepts, emerging threats, and industry standards to continuously build technical and audit knowledge.
Preferred Knowledge and Skills:
Foundational Cybersecurity Knowledge: Understanding of core security domains such as identity and access management, network security, vulnerability management, and secure system configuration.
Audit & Risk Mindset: Familiarity with internal audit concepts, risk assessment, and control testing methodologies.
Framework Awareness: Working knowledge of cybersecurity and IT frameworks such as NIST CSF, ISO 27001, COBIT, or CIS Controls.
Analytical Skills: Ability to analyze evidence, identify inconsistencies, and clearly document findings.
Communication Skills: Ability to communicate effectively with audit team members and stakeholders, both verbally and in writing.
Collaboration & Learning Orientation: Willingness to learn, accept feedback, and work collaboratively within a team environment.
Required Qualifications:
3–6 years of experience in IT audit, cybersecurity, information security, or a related technical field.
Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, related discipline, or relevant military IT, cyber operations, or intelligence experience providing equivalent technical and operational expertise.
Prior experience with a Big Four public accounting firm (Deloitte, PwC, EY, or KPMG), typically 2–4 years, with a focus on IT audit, cybersecurity, or technology risk.
Active professional certification required: CISA, Security+, and/or CISSP.
Strong understanding of enterprise technology environments, security controls, and risk management concepts.
Ability to operate effectively in a multinational corporate environment and collaborate with diverse technical and business stakeholders.
Willingness and ability to travel domestically and internationally up to approximately 25–30% as part of audit activities.
Fluent in English.
Hearst is a leading global, diversified information, services, and media company dedicated to innovating, informing audiences and leading with purpose, integrity and a culture of care.
Our portfolio includes more than 360 businesses worldwide. On the consumer side, we operate 35 television stations, 28 daily newspapers and publish more than 200 magazine editions featuring many of the most iconic brands in media. We also hold ownership stakes in leading cable networks such as A&E, HISTORY, Lifetime and ESPN. On the business-to-business side, our companies include Fitch Group, a global leader in financial information and analytics; Hearst Health, which provides intelligence and software that improve care outcomes; and Hearst Transportation, which delivers data and software for aviation, automotive and trucking.
Our strength lies in our people. We value the diverse perspectives that move us forward. We are an Equal Opportunity Employer and makes employment decisions without regard to race, color, religion, national origin, sex or gender, sexual orientation, gender identity, gender expression, age, disability, military or veteran status or any other status protected by federal, state, or local law. We also provide reasonable accommodations to applicants and employees consistent with applicable law.
As one of the nation’s largest global, diversified information, services and media companies, Hearst has been leading with purpose and integrity and innovating for more than a century. With a mission to inform audiences and improve lives, the company’s portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing the maintenance of jets and helicopters; 35 television stations; 24 daily and 52 weekly newspapers; more than 200 magazine editions around the world and ownership in cable television networks A&E, HISTORY, Lifetime and ESPN.
Leading with purpose, Hearst is always moving forward. With a commitment to the highest quality in our products and services, we’re investing in healthcare solutions to help improve patient outcomes and technology that curbs emissions. Our brands are providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming. And we are dedicated to serving the communities it operates in, both civically and philanthropically.
