Senior Vice President, Information Security and Risk
DJE Holdings is a new kind of agency.
DJE Holdings is the parent company of Edelman and its award-winning sister agency Zeno Group. Edelman is a leading global communications marketing firm that partners with many of the world’s largest and emerging businesses and organizations, helping them evolve, promote and protect their brands and reputations.
Edelman owns the specialty firm Edelman Intelligence (research). DJE Holdings also oversees specialty firms United Entertainment Group, a DJE Company (entertainment, sports and brand experiences), Assembly (strategic communications on behalf of Microsoft), Edible (food and beverage), krispr (communications) and Revere (tech-enabled).
We are at the crossroads of PR, Advertising, Social, Digital, and Experiential. We create smart, innovative, and powerful work that gets people talking. We believe great brands are built in real time. Our team plans, creates and amplifies stories that matter to our clients' business, brands and ultimately, their customers. We combine Edelman’s incredible communication credentials with deep digital expertise to create integrated and effective communications and experiences for our clients.
SVP Information Security and Risk
This role is the top security executive at DJE Holdings. He or she will report directly to the Global CIO. The role combines highly strategic work (policy, legal and regulatory) with the tactical execution of security operations.
This position leads the Information Security and Risk function to secure and protect our environment globally, keeps Edelman compliant with regulatory and legislative requirements, and counsels clients and client teams on relevant matters.
This role works closely with HR, Legal, and other groups to oversee and coordinate security efforts across the company. The role has direct reports in Chicago and in India, and has responsibility for numerous third-party companies/services delivering parts of Edelman’s security program.
He or she must be able to bridge the technical and procedural nature of the role with the pragmatism to get the job done. Prior global experience is necessary in this role.
• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Direct operations and support for the enterprise security portfolio and develop and launch new initiatives to keep pace with evolving business requirements and the cyber threat landscape.
• Define the processes to identify various IT security concerns, gaps and remedial actions to ensure the security of the business.
• Identify, analyze, and evaluate business IT continuity risks to help prioritize and guide appropriate mitigation efforts.
• Create, communicate and implement a risk-based process for vendor management, including the assessment of risks that may result from partners, consultants and other service providers.
• Oversee the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary.
• Advise executive management of changes in the technical, legal and regulatory arenas affecting information security and computer crime.
• Work closely with relevant client teams to ensure our engagements align with our internal policies.
• Liaise with client teams to provide counsel for relevant clients in the information security and privacy sector and identify opportunities where we can advance our client offer using relevant technology.
• Play an active part in the IT Leadership team, effectively representing the function as well as contributing to wider topics.
• Manage a team of 6 security professionals across all cyber / audit / risk disciplines, ensure the cohesion and common purpose of a global team and foster professional development.
Skills and Qualifications
• Minimum of 10 years of progressive experience in a combination of information security, risk management, and IT roles. At least 5 years in a senior leadership role, ideally with public relations, advertising, creative, digital, media, and/or professional services experience.
• Strong executive presence and a proven ability to be a trusted business partner, to influence, and to be able to present analysis and recommendations in a clear and compelling manner to both technical and non-technical audiences, including executive management.
• Demonstrate a truly global view of the domain, understanding the requirements and nuances of our business across the geographies we operate in.
• Deep technical understanding across all information security domains such that s/he can interpret technical architectures (and their implications) and challenge ideas / solutions.
• Knowledge of relevant legal/regulatory requirements and common information security and privacy frameworks - ISO/IEC 27001/2, PCI, HIPAA, EU Directive 95/46/EC, GDPR and other applicable global security and privacy regulations.
• Bachelor's degree required (Master's preferred) in business administration or a technology-related field.
• Professional security accreditation such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
Senior Vice President, Information Security and Risk - (171741).