Re:Sources is the backbone of Publicis Groupe, the world’s third-largest communications group. Formed in 1998 as a small team to service a few Publicis Groupe firms, Re:Sources has grown to 4,000+ people servicing a global network of prestigious advertising, public relations, media, healthcare and digital marketing agencies. We provide technology solutions and business services including finance, accounting, legal, benefits, procurement, tax, real estate, treasury and risk management to help Publicis Groupe agencies do what they do best: create and innovate for their clients.
In addition to providing essential, everyday services to our agencies, Re:Sources develops and implements platforms, applications and tools to enhance productivity, encourage collaboration and enable professional and personal development. We continually transform to keep pace with our ever-changing communications industry and thrive on a spirit of innovation felt around the globe. With our support, Publicis Groupe agencies continue to create and deliver award-winning campaigns for their clients.
Overview
This position is an active member of the Global Security Office (GSO), the security organization of Publicis Groupe under Re:Sources, responsible for supporting security management and compliance activities globally for Groupe agencies. This position supports the security requirements of Publicis Groupe and its agencies, and ensures the success of the business by working collaboratively with internal and external stakeholders. This position also coordinates dependencies across disciplines and the organization to understand and address the ever-changing security landscape and security-related business requirements. This position reports to the Sr. Manager/Manager, Information Security.
Responsibilities
Program Implementation and Support Responsibilities:
- Work as an individual contributor in the Global team to support the Global ISO 27001/ISMS program.
- Support the implementation of the ISO 27001 standard for new teams, functions, and locations.
- Contribute to the broad range of global Information security and risk mitigation initiatives as guided by the Leadership of the Global Security Office team.
Analysis, Assessment, and Audit Responsibilities:
- Perform Gap analysis, drive control implementation, risk assessments, security audits, and other activities that are part of ISMS maintenance.
- Perform key compliance activities such as Control gap assessments, internal security audits, and security risk assessments.
Interface and Coordination Responsibilities:
- Interface with corporate governance, internal, and external auditors.
- Coordinate with different technology groups for control design and implementation needs.
- Partner with stakeholders to plan, implement, operate, and improve various ISO 27001 programs.
Security and Improvement Responsibilities:
- Actively participate and contribute to continual improvement activities for Security Certification, Risk, and Compliance programs.
- Work as a security point of contact to help agencies implement new security certifications, primarily ISO 27001, TISAX, and other security requirements as determined by business needs.
- Contribute to continual improvement of Publicis Groupe’s security policies, standards, and guidelines. Get involved in security documentation on a regular basis as an author or reviewer.
- Contribute to security awareness initiatives by publishing security bulletins, blogs, newsletters, etc.
Advisory Responsibilities:
- Advise business or operational teams on the implementation of administrative, physical, and technical security controls required for security policy adherence and compliance. Coordinate the implementation of security controls.
Awareness and Knowledge Maintenance Responsibilities:
- Maintain awareness of the current industry environment that shapes opportunities for client solutions (e.g., news events, trends, mergers).
Performance Measurement Responsibilities:
- Set and measure security effectiveness in line with services provided by GSO to Groupe agencies.
Qualifications
Essential Job Requirements:
- Possess essential project management skills to drive ISO 27001 implementation projects.
- Demonstrate communication skills regarding essential security risk and compliance concepts, processes, and procedures, and their impact on IT and business processes.
- Demonstrate interpersonal, presentation, and relationship skills required for supporting internal and external customers.
- Maintain a support role in information security control implementation and technology risk mitigation projects. Implement improvement programs for security compliance processes.
- Mandatory language skills (oral, written, and listening): English and Spanish.
- Optional language skills (oral and listening): Portuguese.
Other Job Requirements:
- Good communication and presentation skills.
- Ability to work effectively and collaboratively with stakeholders.
- Willingness to work with geographically dispersed teams; may involve working during non-business hours occasionally to accommodate time-zone differences.
- Travel: This position will periodically require visiting the office, especially during internal and external audits.
Education & Certifications:
- Degree from an accredited University, preferably in Computer Science, Information Systems, or a related field; relevant working IT or security experience considered. Education and experience should also include auditing and/or operational risk management exposure.
- Security certification such as ISMS Lead Auditor, ISMS Lead Implementer, CISA, CISM, CISSP, or CRISC strongly preferred.
Experience:
- At least 5 years of IT and/or information security-related experience, including experience in implementing and managing a security program based on ISO 27001 or any other well-known security standard or framework.
- Familiarity with general information security controls, processes, and principles.
- Experience in managing or assessing cybersecurity solutions, with knowledge of cloud solutions preferred.
- Experience in working for an ISMS (ISO 27001) implementation and maintenance program.
- Exposure to other standards like TISAX, SOX, SSAE 16, PCI DSS, SOC 1/2.