Lotame

Senior Associate Global Security Office

San Jose, Costa Rica
Posted 3 weeks ago
Full-time, remote

Job Description

Company description

Re:Sources is the backbone of Publicis Groupe, the world’s third-largest communications group. Formed in 1998 as a small team to service a few Publicis Groupe firms, Re:Sources has grown to 4,000+ people servicing a global network of prestigious advertising, public relations, media, healthcare and digital marketing agencies. We provide technology solutions and business services including finance, accounting, legal, benefits, procurement, tax, real estate, treasury and risk management to help Publicis Groupe agencies do what they do best: create and innovate for their clients.

In addition to providing essential, everyday services to our agencies, Re:Sources develops and implements platforms, applications and tools to enhance productivity, encourage collaboration and enable professional and personal development. We continually transform to keep pace with our ever-changing communications industry and thrive on a spirit of innovation felt around the globe. With our support, Publicis Groupe agencies continue to create and deliver award-winning campaigns for their clients.

Overview

The Senior Associate will ensure that security and compliance concerns within both internal and external initiatives are properly addressed. The Senior Associate will meet with internal and external project sponsors and stakeholders, regularly and upon demand, to perform security risk assessments and address security risks. The Senior Associate will document findings, suggest mitigation controls, track security deficiencies, and manage the implementation of suggested mitigations to ensure risks are successfully mitigated.

Responsibilities

Security Risk Assessment & Governance
• Perform security risk assessments for projects and suppliers using established security risk assessment methodologies.
• Conduct security architecture reviews of cloud-based solutions to identify risks and recommend mitigation strategies.
• Perform gap analyses against contractual obligations and industry compliance frameworks such as ISO 27001, HITRUST, PCI DSS, and HIPAA.

Security Controls & Compliance
• Recommend administrative, technical, and physical security controls to protect sensitive information within project and supplier environments.
• Create security control requirement checklists, perform control testing, and prepare assessment reports.
• Monitor and report compliance with agreed security processes for assigned client projects.

Audit & Client Support
• Assist during client audits, assessments, and on-site visits.
• Ensure high-quality deliverables and maintain strong levels of client satisfaction.
• Act as a primary point of contact for client projects and suppliers regarding security risk management activities.

Stakeholder Management & Collaboration
• Ensure effective stakeholder engagement across both local and global teams.
• Build and maintain collaborative relationships across internal teams and external partners.
• Foster a positive, transparent, and collaborative working environment.

Project Coordination & Delivery Management
• Manage time effectively to ensure project and operational deliverables are completed within established timelines.
• Support ongoing security initiatives and risk management activities across multiple engagements.

Qualifications

• Bachelor’s or Master’s degree in IT, science, math, engineering, computers, security or related field.
• 3-5 years of experience in Risk Management (internal and vendors), ISMS, ISO 27001 implementation.
• Technical certifications such as CCSP, CISSP, CISA are a plus.
• Working knowledge of any off-the-shelf GRC product will be an advantage.
• Excellent verbal and written communication skills are a must.
• Solid understanding of IT security technologies, and particularly security technologies.
• Must have ISO 27001 implementation or auditing experience.
• Must be familiar with SIG, SSAE compliance, SOC 1, SOC 2 reports.
• Must be familiar with security risk assessment methodology (ISO 27005 a plus) and have experience in performing the same.
• Must have rudimentary understanding of compliance requirements such as GDPR, MA 201 CMR 17, PCI DSS requirements, HITRUST, HIPAA and information security best practices.
• Strong oral communications and writing skills are a must.
• Must be a self-starter with strong organizational skills to enable navigation of the company to identify sponsors, stakeholders and interested parties.
• A ‘can do’ attitude team player who works well under pressure and with dispersed groups, worldwide.
• Good communication and presentation skills.
• Ability to work effectively and collaboratively with stakeholders.
• Willingness to work with geographically dispersed teams; may involve working during non-business hours occasionally to accommodate time-zone differences.
• Travel: This position will periodically visit other offices; may require domestic or international travel.

