Job Description The Cybersecurity ComplianceAssociate provides IT compliance guidance and consulting to team members and stakeholders across the Publicis Groupe agencies to ensure compliance is met with the information security policies and governmental and industry regulations.
This position is responsible for supporting complex compliance programs as a key member of Publicis Re:Sources – Global Security Office (GSO).
This position works directly with technical and business leadership teams to ensure security and compliance requirements are maintained.
Good project management, written, and technical skills are required.Core Duties & ResponsibilitiesManage and support multiple ISMS audits or assessments, including ISO 27001 external auditsRisk scoring and analysis of security risk within the organizationRefine assessment templates and perform related security assessments in compliance with regulatory/compliance frameworksCollect audit evidence from IT teams and validate clear and appropriate details are included prior to submitting to external auditorsDay to Day Activities Interface with auditors and organizational stakeholders to facilitate audits and readiness reviewsSupport ISO 27001, SSAE18, and/or Privacy compliancePerform risk assessments across multiple platforms or locationsMange third-party ISMS or SOC audits as the key liaison for the organization, driving compliance throughout the year and managing the audit with the organization's third-party auditorImprove methods of capturing and presenting status of key compliance requirements in order to produce clear, concise data to enable appropriate decision making.
Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitating the timely resolution of any audit findingsEnsure compliance issues are correctly identified, evaluated, investigated, and resolvedIdentify gaps and advise on mitigating controls to reduce riskProvide consultative services to business areas on the appropriate controls needed to ensure ongoing regulatory complianceAbility to evaluate and recommend preventative and corrective controls to mitigate risk to the organizationConduct kickoff, status, and closing meetings with stakeholdersManage, review and present written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to managementRecognize and identifies potential areas where existing policies, standards and procedures require changeReview vulnerability management reporting to identify and assess risk in compliance areasDesign management action plans to address noted issuesAssist in preparing reports to present to managementEffective ability to identify and assess the severity and potential impact of risks & communicate risk assessment findings to risk owners.
Recommend alternatives to reduce risk.
Perform miscellaneous job-related duties as assignedQualificationsAssociates or Bachelors degree requiredMinimum 3 years of experience in Security, Risk, and ComplianceThis role recommends one or more active certifications in any of CISSP, CRISC, CISA, CISM or other relevant information security, compliance or audit certificationsExperience in applying SSAE-18 or PCI audit requirements to business and technical environments while providing a service-oriented leadership approach to maintaining complianceFamiliarity with Information Security, Compliance & IT Management Standards; ISO27001, PCI-DSS, SSAE-18 SOC 1/2/3, SOX, HIPAA, Privacy, and NIST-CSFUnderstanding of technology frameworks, including NIST CSF and ISO 27001Experience supporting security controls, compliance and audit activity within a service provider organization with multiple technologies and architectures; Windows, Unix/Linux, VMWare, Oracle, SQL, IPS/IDS, DLP, and other security technologiesProject management skillsProficiency with Microsoft Office software, Excel (intermediate to advanced), Word, PowerPoint, Visio, and SharePointExperience and detailed understanding of technology, regulations, and information security or compliance management best practice, processes or methods.Technical aptitude, with the ability to effectively communicate with a working knowledge of all areas of IT controls.Proficiency in Power BI (preferred)Experience in ServiceNow Strong understanding of business applicationsKnowledge of network infrastructure Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues
