Cybersecurity Compliance Associate

San Jose, Costa Rica

Company Description

Re:Sources is the backbone of Publicis Groupe, the world’s third-largest communications group. Formed in 1998 as a small team to service a few Publicis Groupe firms, Re:Sources has grown to 4,000+ people servicing a global network of prestigious advertising, public relations, media, healthcare and digital marketing agencies. We provide technology solutions and business services including finance, accounting, legal, benefits, procurement, tax, real estate, treasury and risk management to help Publicis Groupe agencies do what they do best: create and innovate for their clients.   

In addition to providing essential, everyday services to our agencies, Re:Sources develops and implements platforms, applications and tools to enhance productivity, encourage collaboration and enable professional and personal development. We continually transform to keep pace with our ever-changing communications industry and thrive on a spirit of innovation felt around the globe. With our support, Publicis Groupe agencies continue to create and deliver award-winning campaigns for their clients.

Job Description

The Cybersecurity Compliance Associate provides IT compliance guidance and consulting to team members and stakeholders across the Publicis Groupe agencies to ensure compliance with information security policies and governmental and industry regulations. This position is responsible for supporting complex compliance programs as a key member of Publicis Re:Sources – Global Security Office (GSO). This position works directly with technical and business leadership teams to ensure security and compliance requirements are maintained. Good project management, written, and technical skills are required.

Core Duties & Responsibilities

  • Manage and support multiple ISMS audits or assessments, including ISO 27001 external audits
  • Risk scoring and analysis of security risk within the organization
  • Refine assessment templates and perform related security assessments in compliance with regulatory/compliance frameworks
  • Collect audit evidence from IT teams and validate clear and appropriate details are included prior to submitting to external auditors

Day to Day Activities

  • Interface with auditors and organizational stakeholders to facilitate audits and readiness reviews
  • Support ISO 27001, SSAE18, and/or Privacy compliance
  • Perform risk assessments across multiple platforms or locations
  • Manage third-party ISMS or SOC audits as the key liaison for the organization, driving compliance throughout the year and managing the audit with the organization’s third-party auditor
  • Improve methods of capturing and presenting status of key compliance requirements in order to produce clear, concise data to enable appropriate decision making. Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings
  • Ensure compliance issues are correctly identified, evaluated, investigated, and resolved
  • Identify gaps and advise on mitigating controls to reduce risk
  • Provide consultative services to business areas on the appropriate controls needed to ensure ongoing regulatory compliance
  • Ability to evaluate and recommend preventative and corrective controls to mitigate risk to the organization
  • Conduct kickoff, status, and closing meetings with stakeholders
  • Manage, review and present written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management
  • Recognize and identify potential areas where existing policies, standards and procedures require change
  • Review vulnerability management reporting to identify and assess risk in compliance areas
  • Design management action plans to address noted issues
  • Assist in preparing reports to present to management
  • Effective ability to identify and assess the severity and potential impact of risks & communicate risk assessment findings to risk owners. Recommend alternatives to reduce risk.  
  • Perform miscellaneous job-related duties as assigned

Qualifications

  • Associate's or Bachelor's degree required
  • Minimum 3 years of experience in Security, Risk, and Compliance
  • This role recommends one or more active certifications in any of CISSP, CRISC, CISA, CISM or other relevant information security, compliance or audit certifications
  • Experience in applying SSAE-18 or PCI audit requirements to business and technical environments while providing a service-oriented leadership approach to maintaining compliance
  • Familiarity with Information Security, Compliance & IT Management Standards: ISO 27001, PCI-DSS, SSAE-18 SOC 1/2/3, SOX, HIPAA, Privacy, and NIST-CSF
  • Understanding of technology frameworks, including NIST CSF and ISO 27001
  • Experience supporting security controls, compliance and audit activity within a service provider organization with multiple technologies and architectures: Windows, Unix/Linux, VMware, Oracle, SQL, IPS/IDS, DLP, and other security technologies
  • Project management skills
  • Proficiency with Microsoft Office software, Excel (intermediate to advanced), Word, PowerPoint, Visio, and SharePoint
  • Experience and detailed understanding of technology, regulations, and information security or compliance management best practice, processes or methods.
  • Technical aptitude, with the ability to effectively communicate with a working knowledge of all areas of IT controls.
  • Proficiency in Power BI (preferred)
  • Experience in ServiceNow
  • Strong understanding of business applications
  • Knowledge of network infrastructure
  • Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues

Additional Information

#LI-Hybrid

Category: Compliance Jobs

Tags: Audits Business Intelligence CISA CISM CISSP Compliance CRISC Finance HIPAA IDS IPS ISMS ISO 27001 Linux NIST Oracle Privacy Risk assessment Risk management Security assessment SharePoint SOC SOC 1 SOC 2 SOC 3 SOX SQL UNIX VMware Vulnerability management Windows

Region: North America
Country: Costa Rica
