This position is an active member of the Global Security Office (GSO), the security organization of Publicis Groupe under Re:Sources, responsible for supporting security compliance activities globally for Groupe agencies.
This position supports the security requirements of Publicis Groupe and its agencies, and ensures the success of the business by working collaboratively with internal and external stakeholders.
This position also coordinates dependencies across the disciplines and organization to understand and address the ever-changing security landscape and security-related business requirements.
This position reports to the Sr. Manager / Manager, Information Security.
Contributes to the broad range of global security initiatives as guided by the Leadership of the Global Security Office team.
Sets and measures security effectiveness in line with services provided by GSO to Groupe agencies.
Reviews the client security requirements (e.g. security terms in Master Services Agreements (MSAs), Statements of Work (SOWs), etc.) and ensures those requirements can be met by Publicis Groupe agencies through implementation of security controls.
Participates in client security discussions on contractual requirements and ensures a common understanding of the security controls required to protect the client information and other compliance requirements.
Responds to client security questionnaires, requests for proposal / information, annual compliance reviews, and attends client meetings.
Serves as a consultant on administrative, physical and technical security controls required for security compliance. Coordinates the implementation of security controls.
Participates in internal and external security audits. Supports the Publicis Groupe agencies by managing the client-sponsored audits.
Serves as the focal point of internal, external and customer security audit requests and testing.
Coordinates evidence production on request, coordinates availability of resources and systems, and ensures readiness for each audit cycle.
Contributes to continual improvement of Publicis Groupe’s security policies, standards and guidelines. Gets involved in security documentation on a regular basis as an author or reviewer.
Maintains awareness of the current industry environment that shapes opportunities for client solutions (i.e. news events, trends, mergers, etc.).
Participates in recruitment and hiring activities, including interviewing and conducting hiring exercises for Associates, Sr. Associates.
Coordinates and participates in various ISMS-related activities such as risk assessment, ISMS security audit, etc.
Provides support to Publicis Groupe agencies on security compliance topics such as ISO 27001 certification, PCI DSS and partners on certification / attestation initiatives as determined by business needs from time to time.
Participates in security audits of key processes and controls, gap analysis, and risk assessments to assess control operating effectiveness.
Interfaces with corporate governance, internal and external auditors.
Contributes to the security awareness initiatives by publishing security bulletins, blogs, newsletters, etc.
Partner with agencies to address their clients’ security requirements.
Promote business partnerships regarding compliance risk issues with internal and external stakeholders.
Maintain a support role in information security implementation. Implement improvement program for security compliance processes.
Demonstrate communication skills regarding essential security risk and compliance concepts, processes, and procedures and their impact on IT and business processes.
Demonstrate interpersonal, presentation, and relationship skills required for supporting the internal and external customers.
Mandatory language skills (oral, written and listening): English
Good communication, written and presentation skills
Ability to work effectively and collaboratively with stakeholders.
Willingness to work with geographically dispersed teams; may involve working during non-business hours occasionally to accommodate time-zone differences.
Travel: This position will periodically visit other offices; may require domestic or international travel.
Degree from an accredited University, preferably in Computer Science, Information Systems, or a related field; relevant working IT or security experience considered.
Education and experience should also include auditing and / or operational risk management exposure.
Security certification such as ISMS Lead Auditor, ISMS Lead Implementer, CISA, CISM, CISSP or CRISC strongly preferred
At least 3+ years of IT and / or information security-related experience, including at least 2+ years audit, risk or compliance experience
Familiarity with general information security controls, processes and principles
Experience in managing an ISMS (ISO 27001) implementation
Exposure to other standards like SOX, SSAE 16, PCI DSS, Cloud security standards
Adaptability to Change
Security Risk Assessments