Job Description The Cybersecurity Compliance Associate provides IT compliance guidance and consulting to team members and stakeholders across the Publicis Groupe agencies to ensure compliance is met with the information security policies and governmental and industry regulations.
This position is responsible for supporting complex compliance programs as a key member of Publicis Re:Sources – Global Security Office (GSO).
This position works directly with technical and business leadership teams to ensure security and compliance requirements are maintained.
Good project management, written, and technical skills are required.
Core Duties & Responsibilities Manage and support multiple ISMS audits or assessments, including ISO 27001 external audits Risk scoring and analysis of security risk within the organization Refine assessment templates and perform related security assessments in compliance with regulatory/compliance frameworks Collect audit evidence from IT teams and validate clear and appropriate details are included prior to submitting to external auditors Day to Day Activities Interface with auditors and organizational stakeholders to facilitate audits and readiness reviews Support ISO 27001 , SSAE18, and/or Privacy compliance Perform risk assessments across multiple platforms or locations Mange third-party ISMS or SOC audits as the key liaison for the organization, driving compliance throughout the year and managing the audit with the organization's third-party auditor Improve methods of capturing and presenting status of key compliance requirements in order to produce clear, concise data to enable appropriate decision making.
Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitating the timely resolution of any audit findings Ensure compliance issues are correctly identified, evaluated, investigated, and resolved Identify gaps and advise on mitigating controls to reduce risk Provide consultative services to business areas on the appropriate controls needed to ensure ongoing regulatory compliance Ability to evaluate and recommend preventative and corrective controls to mitigate risk to the organization Conduct kickoff, status, and closing meetings with stakeholders Manage, review and present written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management Recognize and identifies potential areas where existing policies, standards and procedures require change Review vulnerability management reporting to identify and assess risk in compliance areas Design management action plans to address noted issues Assist in preparing reports to present to management Effective ability to identify and assess the severity and potential impact of risks & communicate risk assessment findings to risk owners.
Recommend alternatives to reduce risk.
Perform miscellaneous job-related duties as assigned Qualifications Associates or Bachelors degree required Minimum 3 years of experience in Security, Risk, and Compliance This role recommends one or more active certifications in any of CISSP, CRISC, CISA, CISM or other relevant information security, compliance or audit certifications Experience in applying SSAE-18 or PCI audit requirements to business and technical environments while providing a service-oriented leadership approach to maintaining compliance Familiarity with Information Security, Compliance & IT Management Standards; ISO27001, PCI-DSS, SSAE-18 SOC 1/2/3, SOX, HIPAA, Privacy, and NIST-CSF Understanding of technology frameworks, including NIST CSF and ISO 27001 Experience supporting security controls, compliance and audit activity within a service provider organization with multiple technologies and architectures; Windows, Unix/Linux, VMWare, Oracle, SQL, IPS/IDS, DLP, and other security technologies Project management skills Proficiency with Microsoft Office software, Excel (intermediate to advanced), Word, PowerPoint, Visio, and SharePoint Experience and detailed understanding of technology, regulations, and information security or compliance management best practice, processes or methods.
Technical aptitude, with the ability to effectively communicate with a working knowledge of all areas of IT controls.
Proficiency in Power BI (preferred) Experience in ServiceNow Strong understanding of business applications Knowledge of network infrastructure Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues Additional Information #LI-Hybrid
