Somehow, I suspect there is much more to the story than a sudden dislike for MFA or phishing-training, especially given that two-ish months ago, The New York Times hired a CISO, Erinmichelle Perri.
Realizing that there are (at least) two sides to every story, I went looking for the NYT perspective. Strangely, I found it on Fox News:
Fox News writes:
"Information Security is critically important to The News York Times, which is why we recently hired our first chief information security officer," the [Times] spokesperson stated. "While we don’t comment on specific personnel decisions, the restructuring of our InfoSec group that was announced yesterday is fully consistent with strengthening The Times’s data security protections in the newsroom and across the organization."
Incidentally, Runa Sandvik's title was "Senior Director of Information Security", not CISO.