IT Risk and Compliance Analyst
Be part of the Media & Advertising Industry! Eclaro is looking for an IT Risk and Compliance Analyst for our client in New York, NY.
Eclaro’s client is a full lifecycle advertising and media agency providing advertising, direct marketing, public relations, brand development, and digital strategy to their client base in over 96 countries. They represent some of the most trusted brands and have created iconic campaigns. If you’re up to the challenge, then take a chance at this rewarding opportunity!
- Manage and sustain initiatives regarding information security compliance on global Client Contracts in coordination with the Global Director of Security.
- Participate in client contract discussions; align capabilities of affiliates to these contractual obligations.
- Engage the appropriate resources to assist with applying the required policies, procedures, technology safeguards as applicable and approved by IT Leadership to ensure compliance.
- Interact and partner closely with account management, Business Partners, clients, legal and as directed.
- Participate in information security and compliance planning processes to establish an inclusive and comprehensive information security program for the entire organization.
- Be cognizant of information security issues and regulatory changes. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Risk Management and Incident Response
- Keep abreast of security incidents and act as a control point during significant information security incidents.
- Coordinate with CoreTech and Legal, as needed, in addressing and investigating security incidents.
- Provide oversight, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Provide feedback and be the escalation contact within the assigned region for all security, risk and compliance issues to the Global Director of Security in addition to relevant CoreTech and IBM management.
- Examine impacts of new technologies on overall information security. Establish processes for reviewing implementation of new technologies to ensure security compliance.
- Participate in the development and implementation of effective and reasonable policies and practices aligned with the General Computing Control ("GCC") program to secure sensitive data, and ensure compliance with relevant regulations, client contracts and legal interpretation.
- Oversee and monitor the implementation of the Corporate IT General Computing Controls Compliance Program within the assigned region.
- Communicate the control requirements of the Corporate Compliance Program to the local country management and IT teams.
- Ensure information security policies are fully communicated and implemented across
- Educate local country management and IT teams in performing the needed compliance tasks.
- Review and verify compliance task submissions to the GCC Tracker weekly and on an ongoing basis with the Modulo GRC tool.
- Administer and analyze the Vendor Risk Management program within the assigned region using the Modulo GRC Tool.
- Conduct annual Control Self Assessments and periodic remote internal audits whenever required and identify where corrective actions are needed. Provide guidance around remediation activities.
- Lead efforts to internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for
- Coordinate, track and notify management of information technology and security related assessment, survey and/or audit requests including scope of these requests, units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope and in accordance with Company policy. Provide guidance, evaluation and advocacy on these responses aligned with company policy, contractual obligations and applicable laws and regulations.
- Report to the Global Director of Information Security and Compliance on a regular basis to review progress on program implementation and assist with establishing improvement plans.
- Coordinate and execute all SOX compliance within the assigned region.
- Help to develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, aligned with multiple frameworks such as ISO 27000, NIST 800-54, NIST 800-171, PCI, HIPAA, GLBA, FISMA, Privacy Shield, Data Protection and Privacy, etc.
- 3-5 years of practical experience in technology risk and control or IT audit (Big Four audit firm experience is a plus). Experience in a global corporate multicultural environment.
- Bachelor's degree or equivalent in IT or business
- Ideally holding any of CISSP/CISA/CISM/CRISC/CGEIT/ITIL or an equivalent certification (or working towards one).
- Strong communication & influencing skills plus a good understanding of business processes, organization and markets.
- Demonstrable experience in program / project management.
- Experienced in all aspects of project governance, e.g. security and integrity management.
- Good analytical skills and use of methodologies.
- Good financial and business competencies.
- Ability to influence and resolve conflict with senior stakeholders.
- ISO 27001 audit and certification program experience desirable.
- Has broad knowledge of key risks and controls in IT
- Sound analytical skills
- Proficient (to an intermediate level) on MS Excel, Word and PowerPoint.
- Proficient in English as a business language
- Ability to problem-solve, think creatively, challenge the status quo and manage ambiguity.
- Proven ability to work both independently and as part of a team, with professionals / stakeholders at all levels.
Interested in applying?
Contact Charly Vie at firstname.lastname@example.org now.
Equal Opportunity Employer: Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.