OPMG: Regional Information Security Officer

YOUR ROLE: 
The Regional Information Security Officer (RISO) will be an embedded Practice Area/Network security & risk professional, charged with assisting their local team and aligned with the Corporate Security function to assist in the maturation the security posture for his/her Practice Area/Network’s business and services. Reporting to the Practice Area/Network Business Information Security Officer (BISO), this role will be focused on the governance, implementation and compliance of the Corporate Information Security policies, standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data/systems, specific to their Practice Area/Network. The RISO will also be expected to assist with internal security consultancy to support strategy and identify information Security related risks and proactively work with all support departments including Human Resource, Facilities, Finance, Information Technology and Corporate Security to ensure that Information risks are identified, assessed, and mitigated in all situations where possible.

RESPONSIBILITIES:
• Build and maintain global relationships with Practice Area/Network business units and stakeholders to support local security activities with focus on continuous improvement and program maturation. 
• Work with BISO and Corporate Security to deliver administrative and technical controls, in line with organizational policies, standards, contracts, and/or regulatory obligations. 
• Support strategic and tactical alignment of corporate technology to overall security to business objectives for all divisions within region. 
• Assist in responding to client requirements such as RFP/RFI, audits, security questionnaires, contract negotiation and client meetings as relates to security where appropriate. 
• Collaborate with the Practice Area/Network IT departments to identify and address internal/external security risks management and governance issues, developing treatment plans to address risk or reduce the risk to an acceptable level while aligning with the Corporate Risk Management Framework and practices. 
• Participate in implementation and management of Practice Area/Network and Corporate platforms, e.g. endpoint protection, encryption, SIEM, CASB, perimeter controls 
• Assist with regular testing and applicable remediation efforts of critical infrastructure, high-risk applications, and processes. 
• Work with Corporate Security to supplement the global Information Security Awareness training curriculum, with Practice Area/Network specific content, facilitating cyber security awareness activities and security awareness concepts locally to be suitable for the business. 
• Participate in the coordination and documentation of Business Continuity Plans and appropriate exercising across their assigned Practice Area/Network. 
• Assist with Practice Area/Network and CSIRT responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents 
• Provides additional leadership in support of the CIO’s strategic initiatives through dotted line reporting to the Regional CIOs. 
• Partner with Practice Area/Network technical operations staff for reporting on information program posture and compliance within all markets within the region 
• Maintain up to date knowledge of emerging security trends, risks, new guidance or standards (internal and external) and security enhancing technologies 
 
QUALIFICATIONS/EXPERIENCE:
• Minimum 4 years of experience in IT, Information Security, IT Audit or related area
• Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., ISO27001, PCI DSS, HIPAA, GLBA, FISMA, SOX, NIST, CobiT)
• Industry recognized certifications (CISA, CISSP, CISM) preferred. 
• Bachelor’s degree in Information Security, Computer Science, Information Management Systems, Business/Accounting or related field or related experience preferred.

SKILLS:
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences 
• Ability to cultivate relationships and act as a consultancy to varied stakeholders including cross-functional / peer relationships with diverse, global teams 
• Proven track record of managing security in operations programs, strategic services, and projects to minimize risk exposure to the business. 
• Possess a technical skill relevant to Information Security
• Strong problem solving and analytical skills 
• Demonstrate the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives 
• Experience in project management and corporate security environment for a global company in such areas as policy creation, training / awareness, physical security controls, etc. 
• Good understanding of security, administration, design, and implementation of operating systems and network security controls for both physical hardware and cloud-based SAAS / hosted solutions 
• Strong interest in and of understanding of infrastructure security concepts, cloud-based architecture, security controls and technologies, industry best practices, access controls, forensics and metrics 
• Awareness of global data protection / privacy laws and regulations and risk management methodologies 
• Willingness to undertake information security certifications 

About OPMG

Omnicom Precision Marketing Group aligns Omnicom's global digital, data and CRM capabilities to deliver precisely targeted and meaningful customer experiences at scale. Using its universal framework of connected data, connected intelligence and connected experiences, OPMG provides services that include data-driven product / service design, technology strategy and implementation, CRM / loyalty strategy and activation, econometric and attribution modeling and digital experience design and development. At the core of delivering these services is Omni, an advanced technology platform that combines a powerful cultural insights engine with massively scaled data insights from first-, second- and third-party sources, including several proprietary Omnicom data partnerships.

“As an EEO/Affirmative Action Employer all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.

OPMG provides a competitive salary and comprehensive benefits plan. Benefits for this role include health/vision/dental insurance, 401(k), stock options, Healthcare & Dependent Flexible Spending Accounts, vacation, sick, and personal days and positive activism days, paid parental leave and disability benefits. For more information regarding Omnicom benefits, please visit www.omnicombenefits.com. A reasonable estimate of the salary for this role, at the time of posting, is $120,000-$175,000. This range is specific to NYC and multiple factors are considered in making compensation decisions including, but not limited to: skill set, experience and training, certifications; etc. This is an exempt position. If your requirements fall outside of this range, you are still welcome to apply.

NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as negotiated to meet the ongoing needs of the organization.