Los Angeles Times · 1 month ago
Senior IT Security Engineer
Los Angeles Times is seeking a Senior IT Security Engineer to assess, recommend, and maintain a robust information security infrastructure. The role involves overseeing project management for security initiatives, ensuring compliance with PCI DSS, and managing relationships with security providers while contributing to IT optimization efforts.
Advertising, Events, Fashion, Lifestyle, News, Printing, Publishing, Social Media
Responsibilities
Oversee the Managed Security Services Provider (MSSP), ensuring their services and performance delivery are consistent with our published SLAs
Conduct internal assessments and audits to ensure compliance with the most recent PCI DSS and other relevant security standards
Collaborate with various departments to identify, evaluate, and mitigate vulnerabilities and risks in payment card processing environments
Develop, maintain, and update a comprehensive PCI compliance program, including policies, procedures, and documentation
Oversee the management of security infrastructure and ensure its robustness against potential threats
Provide guidance and support to business units and IT teams on implementing secure payment card processing practices
Liaise with external Qualified Security Assessors (QSAs) during annual PCI DSS assessments and facilitate the remediation of any identified gaps
Train and educate staff on PCI DSS requirements and best practices for protecting cardholder data
Track updates to PCI DSS standards and ensure timely implementation of required updates and changes within the organization
Prepare Reports on Compliance (ROCs) and Self-Assessment Questionnaires (SAQs) for annual reporting on the Company’s status to the Payment Card Industry Data Security Standard (PCI-DSS)
Present and obtain Senior IT Management approval of process improvements and implement process modifications successfully
Determine whether company information systems comply with existing policies, standards, architectures, procedures, laws, regulations, and other requirements
Generate and audit monthly vulnerability reports, quarterly network scans, and bi-annual penetration tests to ensure compliance and remediation tasks and activities are completed within SLA periods
Work collaboratively with Application Support, Network Infrastructure, Enterprise Architecture & DevOps, Product & Program Management, Data Science, Digital Engineering, and IT Operations teams
Work with the legal department to develop and maintain IT Security Compliance and Governance contract provisions for external service providers and vendors
Perform quarterly follow-up activities to report on status and/or mitigation completion
Assist in the development and maintenance of a robust incident response plan for security breaches and incidents involving cardholder data
Generate regular reports on compliance status, security assessments, and remediation efforts for senior executive management and relevant stakeholders
Participate in security and compliance projects as required
Perform other tasks as assigned
Qualification
Required
Bachelor's degree in Information Technology, Information Security, Computer Science (or a related field), and 8+ years of experience in information security, with specific experience in PCI DSS compliance OR 10+ years of experience in information security, with specific experience in PCI DSS compliance
6+ years of experience with security tools and technologies used for information security and compliance monitoring
Expert knowledge of information security principles, vulnerability scanning, remediation, reporting, data protection laws, and payment industry standards
Excellent analytical, problem-solving, and decision-making skills
Adaptable communicator tailoring messages for diverse audiences
Detail-oriented with the ability to manage multiple tasks and projects simultaneously
In-depth understanding and experience in IT governance, risk management, and compliance software tools
Advanced knowledge of IT security principles, including those that apply to cloud infrastructure (Azure, AWS, Google Cloud), network, database, application security, firewalls, multi-factor authentication mechanisms, and identity and access management
Adept at the application of technical understanding of the following areas: Access and Authentication, Data Security, Secure Software Development, Infrastructure and IT Operations, Boundary Protection, Vulnerability Management, Business Continuity, and Disaster Recovery
Ability to work independently and within a team to accomplish assigned tasks in a timely and accurate manner
Demonstrated work ethic and professionalism
Preferred
Professional certifications such as PCI ISA (Internal Security Assessor), PCIP (PCI Professional), CISSP (Certified Information Systems Security Professional), CISM, CISA (Certified Information Systems Auditor), CIS, NIST, HIPAA are highly desirable
Company
Los Angeles Times
The Los Angeles Times is the largest metropolitan daily newspaper in the country, with a daily readership of 1.2 million and 2.1 million on Sunday, more than 32 million unique latimes.com visitors monthly and a combined print and online local weekly audience of 4.4 million.
H1B Sponsorship
Los Angeles Times has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (2)
2024 (1)
2023 (1)
2022 (2)
Funding
Current Stage: Late Stage
Total Funding: $0.25M
Key Investors: Meta Journalism Project
2023-02-27: Grant · $0.25M
2000-06-01: Acquired
Company data provided by crunchbase