Job Description

This position is an active member of the Global Security Office (GSO), the security organization of Publicis Groupe under Re:Sources, responsible for supporting security compliance activities globally to Groupe agencies. This position supports security requirements of Publicis Groupe, it’s agencies, and ensures the success of business by working collaboratively with internal and external stakeholders. This position also coordinates dependencies across the disciplines and organization to understand and address the ever-changing security landscape and security-related business requirements. This position reports into Sr. Manager/Manager Information Security

THE RESPONSIBILITIES ASSOCIATED WITH THE POSITION ARE AS FOLLOWS:

• Contributes to the broad range of global IT security initiatives as guided by the Leadership of the Global Security Office team.
• Sets and measures security effectiveness inline with services provided by GSO to Groupe agencies.
• Implement and manage a security program that is aliagned with industry standard such as ISO 27001, SOC2, PCIDSS.
• Perform in key compliance activities such as Control gap assessments,Internal security audits and security risk assessments
• Serves as a consultant on administrative, physical and technical security controls required for security compliance. Coordinates the implementation of security controls.
• Contributes to continual improvement of Publicis Groupe’s security policies, standards and guidelines. Gets involved in security documentation on a regular basis as an author or reviewer.
• Maintains awareness of the current industry environment that shapes opportunities for client solutions (i.e. news events, trends, mergers, etc.).
• Provides support to Publicis Groupe agencies on security compliance topics such as ISO 27001 certification, and partners on certification / attestation initiatives as determined by business needs from time to time.
• Participates in security audits of key processes and controls, gap analysis, and risk assessments to assess control operating effectiveness. Interfaces with corporate governance, internal and external auditors.
• Contributes to the security awareness initiatives by publishing security bulletins, blogs, newsletters, etc.

ESSENTIAL JOB REQUIREMENTS:

• Partner with stakeholders to identify security compliance needs and process transition opportunities
• Coordinate with different technology groups for control design and implementation needs
• Maintain a support role in information security control implementation and technology risk mitigation projects. Implement improvement program for security compliance processes.
• Demonstrate communication skills regarding essential security risk and compliance concepts, processes, and procedures and their impact on IT and business processes.
• Demonstrate interpersonal, presentation, and relationship skills required for supporting the internal and external customers.
• Mandatory language skills (oral, written and listening) : English

OTHER JOB REQUIREMENTS:

• Good communication and presentation skills
• Ability to work effectively and collaboratively with stakeholders.
• Willingness to work with geographically dispersed teams; may involve working during non-business hours occasionally to accommodate time-zone differences.
• Travel: This position will periodically visit other offices; may require domestic or international travel.

Qualifications

PERFORMANCE STANDARDS & EXPECTATIONS

EDUCATION & CERTIFICATIONS

• Degree from an accredited University, preferably in Computer Science, Information Systems, or a related field; relevant working IT or security  experience considered. Education and experience should also include auditing and/or operational risk management exposure.
• Security certification such as Archer GRC certiifcation, OneTrust GRC profession, GRC ISMS Lead Auditor, ISMS Lead Implementer, CISA, CISM, CISSP or CRISC strongly preferred

EXPERIENCE

• At least 5 years of IT and / or information security-related experience, including experience in implementation and managing a security program based on ISO 27001 or any other well know security standard or framework.
• Familiarity with general information security controls, processes and principles
• Experience in managing or assessing cyber security solutions, with knowledge on cloud solution preferred
• Experience in working for an ISMS (ISO 27001) implementation and maintenance program
• Exposure to other standards like SOX, SSAE 16, PCI:DSS, ISO 22301

CORE COMPETENCIES

• Team Work
• Communication
• Results Driven
• Customer Focus
• Relationships
• Adaptability to Change
• Continuous Improvement
• Technical Competencies
• GRC solutions
• Security Audits
• Security Risk Assessments and mitigations
• Security Control implementations

Additional Information

All your information will be kept confidential according to EEO guidelines.

This job description in no way states or implies that these are the only duties to be performed by the employee(s) currently in this position. Employee(s) will be required to follow any other job related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.

A review of this position has excluded the marginal functions of the position that are incidental to the performance of fundamental job duties. All duties and responsibilities are essential job functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbent(s) will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities.

This document does not create an employment contract, implied or otherwise, other than an "at-will" relations.