IT Security Senior Associate (Compliance & Audit) - SRKay Consulting Group

The responsibilities associated with the position are as follows:

• Contributes to the broad range of global IT security initiatives as guided by the Leadership of the Global Security Office team.
• Sets and measures security effectiveness inline with services provided by GSO to Groupe agencies.
• Implement and manage a security program that is aliagned with industry standard such as ISO 27001, SOC2, PCIDSS.
• Perform in key compliance activities such as Control gap assessments,Internal security audits and security risk assessments
• Serves as a consultant on administrative, physical and technical security controls required for security compliance. Coordinates the implementation of security controls.
• Contributes to continual improvement of Publicis Groupe’s security policies, standards and guidelines. Gets involved in security documentation on a regular basis as an author or reviewer.
• Maintains awareness of the current industry environment that shapes opportunities for client solutions (i.e. news events, trends, mergers, etc.).
• Provides support to Publicis Groupe agencies on security compliance topics such as ISO 27001 certification, and partners on certification / attestation initiatives as determined by business needs from time to time.
• Participates in security audits of key processes and controls, gap analysis, and risk assessments to assess control operating effectiveness. Interfaces with corporate governance, internal and external auditors.
• Contributes to the security awareness initiatives by publishing security bulletins, blogs, newsletters, etc.

ESSENTIAL JOB REQUIREMENTS:

• Partner with stakholders to identify security compliance needs and process transition opportunities
• Coordinate with different technology groups for control design and implementation needs
• Maintain a support role in information security control implementation and technology risk mitigation projects. Implement improvement program for security compliance processes.
• Demonstrate communication skills regarding essential security risk and compliance concepts, processes, and procedures and their impact on IT and business processes
• Demonstrate interpersonal, presentation, and relationship skills required for supporting the internal and external customers.
• Mandatory language skills (oral, written and listening) : English

OTHER JOB REQUIREMENTS:

• Good communication and presentation skills
• Ability to work effectively and collaboratively with stakeholders.
• Willingness to work with geographically dispersed teams; may involve working during non-business hours occasionally to accommodate time-zone differences.
• Travel: This position will periodically visit other offices; may require domestic or international travel.

Education & Certifications

• Degree from an accredited University, preferably in Computer Science, Information Systems, or a related field; relevant working IT or security  experience considered. Education and experience should also include auditing and/or operational risk management exposure.
• Security certification such as Archer GRC certiifcation, OneTrust GRC profession, GRC ISMS Lead Auditor, ISMS Lead Implementer, CISA, CISM, CISSP or CRISC strongly preferred

Experience

• At least 5 years of IT and / or information security-related experience, including experience in implementation and managing a security program based on ISO 27001 or any other well know security standard or framework
• Familiarity with general information security controls, processes and principles
• Experience in managing or assessing cyber security solutions, with knowledge on cloud solution preferred
• Experience in working for an ISMS (ISO 27001) implementation and maintenance program
• Exposure to other standards like SOX, SSAE 16, PCI:DSS, ISO 22301