Regional Information Security Officer
Description:
Job Description
Role Summary
The Regional Information Security Officer (RISO) will be an embedded Omnicom Content Studios (OCS) security & risk professional, charged with assisting their local team and aligned with the Corporate Security function to assist in the maturation the security posture for their Practice Area/Network's business and services. Reporting to the Omnicom Content Studios Business Information Security Officer (BISO), this role will be focused on the governance, implementation and compliance of the Corporate Information Security policies, standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data/systems, specific to Omnicom Content Studios. The RISO will also be expected to assist with internal security consultancy to support strategy and identify information Security related risks and proactively work with all support departments including Human Resource, Facilities, Finance, Information Technology and Corporate Security to ensure that Information risks are identified, assessed, and mitigated in all situations where possible.
Responsibilities
Build and maintain global relationships with OCS business units and stakeholders to support local security activities with focus on continuous improvement and program maturation.
Work with BISO and Corporate Security to deliver administrative and technical controls, in line with organizational policies, standards, contracts, and/or regulatory obligations.
Support strategic and tactical alignment of corporate technology to overall security to business objectives for all divisions within region.
Assist in responding to client requirements such as RFP/RFI, audits, security questionnaires, contract negotiation and client meetings as relates to security where appropriate.
Collaborate with the OCS IT departments to identify and address internal/external security risks management and governance issues, developing treatment plans to address risk or reduce the risk to an acceptable level while aligning with the Corporate Risk Management Framework and practices.
Participate in implementation and management of OCS and Corporate platforms, e.g. endpoint protection, encryption, SIEM, CASB, perimeter controls
Assist with regular testing and applicable remediation efforts of critical infrastructure, high-risk applications, and processes.
Work with Corporate Security to supplement the global Information Security Awareness training curriculum, with OCS specific content, facilitating cyber security awareness activities and security awareness concepts locally to be suitable for the business.
Participate in the coordination and documentation of Business Continuity Plans and appropriate exercising across their assigned Practice Area/Network.
Assist with OCS and CSIRT responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents
Provides additional leadership in support of the CIO's strategic initiatives through dotted line reporting to the Regional CIOs.
Partner with Practice Area/Network technical operations staff for reporting on information program posture and compliance within all markets within the region
Maintain up to date knowledge of emerging security trends, risks, new guidance or standards (internal and external) and security enhancing technologies
Qualifications/Experience
Minimum 5 years of experience in IT, Information Security, IT Audit or related area
Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., ISO27001, PCI DSS, HIPAA, GLBA, FISMA, SOX, NIST, CobiT)
Industry recognized certifications (CISA, CISSP, CISM) preferred
Bachelor's degree in Information Security, Computer Science, Information Management Systems, Business/Accounting or related field or related experience preferred
Experiencee In production, content studio, digital, tech, marketing agency preferred
Skills
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
Ability to cultivate relationships and act as a consultancy to varied stakeholders including cross-functional / peer relationships with diverse, global teams
Proven track record of managing security in operations programs, strategic services, and projects to minimize risk exposure to the business
Possess a technical skill relevant to Information Security
Strong problem solving and analytical skills
Demonstrate the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
Experience in project management and corporate security environment for a global company in such areas as policy creation, training / awareness, physical security controls, etc.
Good understanding of security, administration, design, and implementation of operating systems and network security controls for both physical hardware and cloud-based SAAS / hosted solutions
Strong interest in and of understanding of infrastructure security concepts, cloud-based architecture, security controls and technologies, industry best practices, access controls, forensics and metrics
Awareness of global data protection / privacy laws and regulations and risk management methodologies
Willingness to undertake information security certifications
What's in it for you?
Given we push to create smart, simple, iconic, globally impactful work that makes culture, we understand this requires the hard work and dedication of an extremely talented and innovative collection of people.
Therefore, we have designed our benefits package to first and foremost take care of our teams, to say, "thank you", but beyond that, it is there to ensure that you are rewarded for the incredible work you deliver and receive the recognition that goes along with that.
From continued learning and development, life insurance for protection and peace of mind, family care leave (for those important times), well-being and mental health support – to volunteer days and a great work environment with an international and talented team – basically, we've got you covered!
Be Grizzlee (OCS) is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or any other protected characteristic as outlined by federal, state, or local laws.
Standard range for this role is roughly $120,000-$170,000. Actual amounts will vary depending on experience, skills, potential impact, and scope of role.