New York, NY, US
21 hours ago
Manager, Information Security - (Open to remote)

Penguin Random House is looking for an Information Security Manager to join the Corporate Information Security team. The Corporate Information Security team owns the Information Security Management System (ISMS) responsibilities for the company and delivers an information security foundation to achieve and maintain legal, regulatory, and contractual compliance. 

 

The IS Manager will be focused on evaluating technology controls, supporting risk assessments, leading audit coordination, and executing control activities related to fraud, training, and policy management. 

 

The ideal candidate will have the mindset of a Risk Manager and the organizational skills of a Project Manager who can communicate complex security issues and requirements with diverse audiences in a way that drives understanding, collaboration, and ownership. 

 

Who you are:

- Deeply knowledgeable of Information Security standards and best practices.
- Confident and willing to ask questions and raise issues in a timely manner.
- Process oriented with strong project management skills to ensure accountability and high-quality results.
- Strong verbal and written communicator with the ability to quickly build rapport with internal and external stakeholders.
- Ability to adapt to change, including evolving business and technical environments, and manage multiple priorities while meeting deadlines in a challenging environment.
- Team player with a collaborative work style.
- Self-motivated and able to work efficiently with minimal oversight/direction.

 

What you’ll do:

Risk Management

- Assist in the assessment and implementation of the global Information Security Management System (ISMS) requirements, which include Risk Assessments, Control Gap Assessments, and Business Impact Analyses.
- Drive risk mitigation activities by owning the design, tracking, and progress of action plans across various processes, technologies, and business areas.
- Develop and execute an internal audit program that aligns with internal Information Security requirements, external regulations, and risk findings.
- Enhance the company's risk register by defining metrics and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
- Manage the Information Security compliance of a portfolio of standalone companies owned by Penguin Random House.

 

Fraud Management

- Monitor external threat intelligence information to identify potential fraud or other malicious activity and escalate when necessary.
- Liaise with the Legal Department and takedown services to address typo squatting, social media impersonations, and email fraud.

 

Policy Development

- Define and document Corporate Information Security policies and guidelines to align with regulations, industry best practices, and special topics.
- Manage and maintain the Information Security policy repository and support policy communications and distribution.

 

Training & Awareness

- Enhance cybersecurity awareness by promoting employee education, managing anti-phishing campaigns, and communicating best practices.
- Develop security awareness materials and quick reference guides to present to stakeholders across the organization, including senior management.

 

Project Management

- Operationalize Corporate Information Security projects through all implementation stages from defining requirements to training end users.
- Track Corporate Information Security program tasks and effectively communicate program health and effectiveness, key accomplishments, and risks to senior management both within Security and to other business stakeholders.

 

Must Have:

- At least 5 years of experience in cyber security, technology risk, GRC, and/or technical compliance roles.
- Strong understanding of security concepts and practical usage.
- Strong understanding of policy and data management.
- Strong understanding of risk management and project management.
- Strong understanding and practical experience working with ISO 27001, ISO 27701, NIST cyber framework, or others such as PCI-DSS, HITRUST, NIST SP800-53, NIST SP800-171, and CMMC.
- Experience in evaluating and implementing controls.
- Demonstrated history of successfully executing projects with an emphasis on delivering results.
- Familiarity with Governance Risk & Compliance (GRC) tools.

 

Nice to Have:

- Bachelor's degree or at least 4 years of relevant experience.
- Possession of any industry licenses or certifications (CISSP, CISM, CISA, CRISC, etc.).

 

This role is open to remote candidates.

 

The salary range for this position is $100,000 - $125,000. All positions are currently eligible for annual profit award or bonus, subject to company results.  

 

Please apply by August 15th, 2025, and include your resume for consideration. Before applying for any role at Penguin Random House, we recommend you review our applicant resources page and our FAQs page.

 

Penguin Random House job postings include a good faith compensation range for each open position. The salary range listed is specific to each particular open position and takes into account various factors including the specifics of the individual role, and candidate's relevant experience and qualifications.


Full-time employees are eligible for our comprehensive benefits program. Our range of benefits includes, but is not limited to, Medical/Prescription drug insurance, Dental, Vision, Health Care/Dependent Care Flexible Spending Account, Health Savings Account, Pre-Tax and Roth 401(k), Short and Long-Term Disability Insurance, Life/AD&D Insurance, Commuter Benefits, Student Loan Repayment Program, Educational Assistance, and generous paid time off.


Penguin Random House is the leading adult and children's publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution. Our vibrant and diverse international community of nearly 300 publishing brands and imprints includes Ballantine Bantam Dell, Berkley, Clarkson Potter, Crown, DK, Doubleday, Dutton, Grosset & Dunlap, Little Golden Books, Knopf, Modern Library, Pantheon, Penguin Books, Penguin Press, Penguin Random House Audio, Penguin Young Readers, Portfolio, Puffin, Putnam, Random House, Random House Children's Books, Riverhead, Ten Speed Press, Viking, and Vintage, among others. More information can be found at http://www.penguinrandomhouse.com/.

Penguin Random House values the array of talents and perspectives that a diverse workforce brings. All qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status.

 

 

 Company: Penguin Random House LLC | Job ID: 281936
