Director, Information Security

Interpublic Group   •  

New York, NY

Industry: Professional, Scientific & Technical Services

  •  

11 - 15 years

Posted 164 days ago

This job is no longer available.

This leadership role reporting directly to the CISO will be key to integrating security throughout the global advertising ecosystem at IPG. This client facing consultative role will help evangelize, advise and help guide implementation of security best practices within corporate IT and our portfolio agencies. Business demand for DevOps, Agile and Public Cloud Services will require this role to lead our cloud security strategy at IPG, overseeing and managing a secure software initiative for our digital agencies, and performing risk assessments as needed in areas such as social media and new cloud products and services

The position requires an individual with a fundamentally strong IT security background, expert cloud skills, consultative skills and the ability to be drive results.

  • Lead the Information Security Steering Committee, which includes driving progress and reaching consensus with the Corporate, Network and Agency CIOs on CISO strategy, goals and initiatives.
  • Manage & oversee the Secure Software Initiative by implementing the S-SDLC policy at Corporate and the agencies, facilitating the Software Security Group and Digital Agency Security Forum, secure software initiative evangelism, code scanning tool rollout and training efforts.
  • Contribute to the information security training program for all employees globally, which includes annual security awareness training, policy specific training, CISO Newsletters, security notifications as well as the global phishing campaign.
  • Develop, maintain, communicate and provide guidance on IPG’s security policies and standards including IoT and secure configuration standards for on premise and cloud technology and ensure the exception flow developed for the right stakeholders to sign off on risk. Work with clients of our agencies to respond to client requests of our security testing and remediation program.
  • Aid in development and maintain Global IT Security Strategies; ensure security technology integration is maintained across all cloud computing resources.
  • Manage the process of gathering, analysing and assessing the current and future threatlandscape, as well as providing management with a realistic overview of risks and threats in the enterprise environment.
  • Utilizing and applying knowledge of Enterprise security and Cloud security specific solutions into projects such as: IAM/IdaaS, CASB, Identity Governance, Cloud SOC/SIEM, Key Management & Encryption
  • Understanding of risk, security, and compliance issues related to Cloud, both industry specific and broader across verticals
  • Develop and coordinate client Cloud Security strategy and define the transition to and adoption of secure cloud services, communicating with project stakeholders to effectively convey requirements of technical and process improvements.
  • Comprehensive expert understanding in many areas of IT and information security, with the ability to describe in business terms the impact of IT and cloud security policies, standards, and architecture, and provide cloud security direction to business and IT personnel.
  • Possess and maintain a firm understanding of the offerings within both Amazon Web Services (AWS) and the Google Cloud platforms for cloud security and their application to IPG.
  • Recommend tactical and strategic initiatives to eliminate or mitigate risks. Actively monitor and assess new and emerging threats posing risk to cloud computing environments.
  • Provide guidance and technical leadership in the development of security standards and guidelines for cloud infrastructure to conform to information enterprise architecture, risk profile and policy requirements.
  • Document and advise on areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
  • Participate in Customer Assessment reviews of organization security controls on behalf of the customers when we store, process or transmit the customer’s data in cloud environments.
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the programs, facilitate appropriate resource allocation and enhance the maturity of the security and compliance program.
  • Initiatives include Vulnerability Management, Patch Management, Security Configuration, Third Party Risk, Phishing Metrics and others.
  • Initiate and hold a monthly meeting with the security leads within Corporate IT and the Agencies in order to help push down security initiatives into the agencies.
  • Establish relationships and work closely with CIOs, IT leads, HR management, Legal, Privacy, Risk Management, IPG IT and IPG’s external auditors
  • Work directly with IPG corporate groups and agencies to identify acceptable levels of risk, and provide guidance with regard to data classification and protection.
  • Contribute to annual CISO strategy through definition of objectives and respective work stream requirements.

  • REQUIRED: CISSP credential, Cloud security certifications such as CCSP and/or AWS, Microsoft cloud certifications strongly desired.
  • REQUIRED: Knowledge and experience of technical security concepts including Risk Assessment, Awareness & Training, Cloud Security, Data Protection, Secure SDLC, Vulnerability Assessment, Secure Configurations, Patch Management, DLP & Rights management.
  • Excellent written and verbal communication skills to both a technical and non-technical audience; strong interpersonal and collaborative skills.
  • Demonstrates thought leader-level abilities with, and/or a proven record of success directing efforts in the following areas: - Working on complex systems, being customer-centric, and delivering results while solving security challenges in innovative ways; - Bringing high level energy, sense of urgency, decisiveness, and ability to work well under pressure; Proven knowledge of security methodologies, policies, standards and best practices
  • Expert level knowledge of cloud system architecture and key cloud security concepts.
  • Expert knowledge of Cloud methodologies (IaaS, PaaS, SaaS), automation, orchestration, cost frameworks, trends and industry-leading cloud security vendor offerings and security
  • Knowledge of AWS security services such as IAM, KMS, and CloudTrail and Google Cloud security services with appropriate security certifications.
  • Proven knowledge of information technology systems, infrastructure and operations including cloud platforms such as AWS, and Azure.
  • Experience with IT Asset Management desired.
  • Ability to assess risks in line with information security objectives and risk tolerance of the company. Excellent project management skills and ability to organize and plan effectively to meet project goals.
  • This position requires a BA / BS degree in Computer Information Systems, Computer Science, Information Systems Management, related field or equivalent work experience such as 10 years of experience in a leadership role in IS/IT security.
  • Experience with the following industry/regulatory requirements and frameworks: ISO27001/2, NIST 800-53, NIST CSF, GDPR
  • Experience in partnering with IT teams from different disciplines in a combined effort to achieve project success
  • Team player with ability to work towards unified objectives

009825