Senior Associate Security Risk and Compliance

About the Company

This position is an active member of the Global Security Office (GSO), the security organization of Publicis Groupe under Re:Sources, responsible for supporting security management and compliance activities globally to Groupe agencies. This position supports security requirements of Publicis Groupe, its agencies, and ensures the success of business by working collaboratively with internal and external stakeholders. This position also coordinates dependencies across the disciplines and organization to understand and address the ever-changing security landscape and security-related business requirements. This position reports into Manager/Senior Manager Information Security.

About the Role

This role involves working as an individual contributor in a global team to support the Global ISO 27001/ISMS program and ensuring compliance with security standards.

Responsibilities

• Support in the implementation of the ISO 27001 standard for new teams, functions and locations.
• Perform Gap analysis, drive control implementation, risk assessments, security audits and other activities that are part of ISMS maintenance.
• Interfaces with corporate governance, internal and external auditors.
• Actively participates and contributes to continual improvement activities for the Security Certification, Risk and Compliance program.
• Works as a security point of contact to help agencies in the implementation of new security certifications, primarily ISO 27001, TISAX and other security requirements as determined by business needs.
• Contributes to the broad range of global Information security and risk mitigation initiatives as guided by the Leadership of the Global Security Office team.
• Sets and measures security effectiveness in line with services provided by GSO to Groupe agencies.
• Perform key compliance activities such as Control gap assessments, Internal security audits and security risk assessments.
• Advise business or operational teams on the implementation of administrative, physical and technical security controls required for security policy adherence and compliance.
• Coordinates the implementation of security controls.
• Contributes to continual improvement of Publicis Groupe's security policies, standards and guidelines.
• Gets involved in security documentation on a regular basis as an author or reviewer.
• Maintains awareness of the current industry environment that shapes opportunities for client solutions (i.e. news events, trends, mergers, etc.).
• Contributes to the security awareness initiatives by publishing security bulletins, blogs, newsletters, etc.

Qualifications

• Degree from an accredited University, preferably in Computer Science, Information Systems, or a related field; relevant working IT or security experience considered.
• Education and experience should also include auditing and/or operational risk management exposure.
• Security certification such as CISM, ISO 27001 Lead Implementer, CCSK, CISSP or CRISC strongly preferred.

Required Skills

• Good communication and presentation skills.
• Ability to work effectively and collaboratively with stakeholders.
• Willingness to work with geographically dispersed teams may involve working during non-business hours occasionally to accommodate time-zone differences.
• Mandatory language skills (oral, written and listening): English.

Preferred Skills

• At least 5 years of IT and/or information security-related experience, including experience in implementation and managing a security program based on ISO 27001 or any other well-known security standard or framework.
• Experience in working for an ISMS (ISO implementation and maintenance program.
• Familiarity with general information security controls, processes and principles.
• Experience with technology security solutions such as cyber security solutions such as CSPM (Cloud Security Posture Management), CASB (Cloud Access Security Brokers), CWPP (Cloud Workload Protection Platforms), and Cloud-Native Application Protection Platform (CNAPP).
• Exposure in supporting risk and compliance programs for public cloud solutions (AWS, Azure, SaaS solutions), latest server & network infrastructure and databases based on relevant security requirements.
• Worked on standards and frameworks like TISAX, SOX, SSAE 16, PCI:DSS, SOC1/2, NIST CSF, Cloud security standards (CIS, CSA).
• Exposure to Data Security Posture Management (DSPM) solutions and practical usage of AI solutions in security.