Executive Director Information Security & CISO

Position Overview

The Executive Director of Technology & Information Security is a senior leadership role responsible for the development, execution, and oversight of CMG’s enterprise-wide information and technology security program. This includes cybersecurity, risk management, threat and incident response, data privacy, regulatory compliance, and business continuity.

This role reports directly to the Chief Administrative Officer (CAO) and partners closely with the Vice President of Technology, as well as leaders from Broadcast Engineering, Field Operations, Legal, Human Resources, and other key departments to establish and sustain a strong security posture that protects CMG’s digital assets, broadcast infrastructure, customer data, and brand reputation.

This is a strategic and hands-on opportunity for an experienced professional to lead a modern security and privacy program in a dynamic media environment. The ideal candidate combines deep technical expertise with strong business acumen and excels at building partnerships across functions to embed security into operations, innovation, and culture.

Essential Duties and Responsibilities

• Assess and communicate enterprise-wide technology and information risk, including mitigated and residual risk.
• Collaborate with IT and broadcast engineering to ensure timely resolution of high-risk incidents and technical vulnerabilities.
• Lead vulnerability management and penetration testing efforts; oversee remediation planning and prioritization.
• Maintain and continuously improve the incident response plan, conduct tabletop exercises and post-incident reviews
• Recommend and deploy technologies that enhance security, monitoring, auditability, and resilience.
• Manage vendor security performance; define KPIs and ensure accountability of external providers.
• Lead business impact assessments and assist departments in identifying and mitigating operational risks.
• Design, implement, and maintain enterprise security and privacy policies, standards, and controls.
• Review vendor contracts to ensure appropriate security protocols are in place.
• Integrate security and privacy into the system development lifecycle and digital product initiatives.
• Expand and manage third-party security risk assessments and remediation efforts
• Promote a risk-aware culture through security awareness, training, and engagement across all departments.
• Stay informed on emerging threats, regulatory updates, and innovations in cybersecurity and data privacy.
• Develop and lead a privacy strategy that aligns with legal obligations and operational needs.
• Collaborate with key boundary partners—including Legal, Supply Chain, and Public Affairs—on enterprise security initiatives.
• Provide strategic leadership to develop and implement a comprehensive Information Security Program.

Minimum Qualifications

• Minimum of 10 years of experience in information security, with at least 5 years in a leadership or management capacity.
• Bachelor’s degree in computer science, Information Systems, Business, or a related field (or equivalent experience).
• Proven experience leading enterprise security programs, with a solid foundation in security operations (SecOps), incident response, and business resiliency planning.
• Demonstrated success developing and executing security strategies in complex, distributed, or hybrid environments.
• Technical familiarity with identity and access management (IAM), cloud security, endpoint protection, and data loss prevention.
• Deep familiarity with industry frameworks and standards such as NIST CSF, ISO/IEC 27001/27002, CIS Critical Controls, NIST 800 series, and CoBIT.
• Strong written and verbal communication skills, with the ability to articulate technical risks to executive stakeholders.
• Ability to lead through influence, build consensus, and foster collaboration across departments.
• Expertise in process improvement, policy development, and operational governance. Committed to promoting a security-first culture grounded in integrity, inclusion, and continuous learning
• Demonstrated experience managing vendor relationships and negotiating contracts.
• Experienced in coaching and developing a team across functional areas and geographic locations.
• Proven ability to develop and manage security budgets effectively.

Preferred Qualifications

• Industry-recognized certifications such as CISSP, CISM, CRISC, or CISA.
• Media, broadcast, or digital content industry experience is preferred.