This job has expired, please see additional jobs below
Director of Risk & Compliance
Entertainment & Media Industry Company
New York, NY, United States
Job Details - this job has expired, please see similar jobs below
Description
About Company:
Two things Company has been doing since 1917: coming up with Famously Effective ideas, and hiring forceful, energetic innovators with diverse skill sets and points of view who can put ideas into motion that lead to results. That’s no coincidence.
Smart, quick, highly motivated business-savvy people have been the backbone of Company’s Famously Effective work for one hundred years. They are the drivers of business and creative performance that at this point in Company’s long history have never better. We were named 2016 Cannes Agency of the Year in recognition of our 24 Lions for clients including Volvo, Canon, Gillette, and NFL. Company was also among the top three agencies at the Effies where our work for clients including Febreze and Volvo were recognized. Famous and Effective. It’s what we do, and it’s part of why Company was been named Global Network of the Year by Adweek in 2013 and 2015, and Agency of the Year by Advertising Age in 2014.
Of course none of this could have happened without the diverse talent roster we have in place and we are continuing to look for the best talent to join us in the coming year. That’s why we continue to need drivers—people who can help move the agency further on the trajectory of success.
Position Category: Information Technology
Position Title: Director of Risk & Compliance
Location: USA - NY - New York
Job Description:
Under the direction of the CIO, the Director of Risk & Compliance is responsible for maturing and the execution of the IT compliance framework and information security posture; aligned with the parent company’s guidelines, client requirements, etc. The scope of this position is global and requires a working knowledge of the various regulations the agency must adhere to in all of our locations. The role is also responsible for relaying, maintaining, and publishing information security and IT controls, standards, procedures, and guidelines for use within the IT organization. This position will require some day-to-day, hands on data analyses and management of the various applications used for information security and compliance within the agency. The candidate will make sure that, together with regional IT compliance representatives and client-facing teams, security policies, standards and procedures are established and enforced.
Job Responsibilities include (but are not limited to):
• Develops, publishes, and maintains a comprehensive organization-wide IT compliance, information privacy and security strategy, plans, policies, procedures, and guidelines
• Coordinates the development of an ongoing information security awareness program to ensure that employees are aware of threats and how to help ensure privacy of agency information
• Researches and maintains proficiency in tools, techniques, countermeasures, and basic trends in computer and network vulnerabilities and exploits
• Works with business teams to maintain information security policies, procedures, and standards and assists the various departments and practice groups in adhering to them
• Coordinates information security audits, tests and reviews
• Creates status reports and briefings on security matters for executive management
• Conducts risk analyses and assessments to ensure there are solutions in place to mitigate those risks
• Assists in the responses to RFI\RFPs and client security related questionnaires
• Provides management with up to date information on the different threats and security vulnerabilities that the organization may face
• Ensures compliance through adequate training programs and oversight of periodic internal security audits
• Assesses audit results and partners with IT staff to create pragmatic action plans and monitors the execution and completion of action plans
• Serves as active participant in WPP’s Information Security Committee and serves as IT owner for security-related incident responses
Qualifications
Technical Skills Required:
The successful candidate must possess a strong understanding of the following:
• Technical implications of security threats and vulnerabilities
• Technical analysis and evaluation of network and security vulnerabilities, and managing security systems such as anti-virus, firewalls, patch management, intrusion detection and encryption
• Vulnerability scanning, intrusion detection, anomaly detection, and associated technologies
• Intrusion Detection\Prevention Systems, firewalls, ACLs and encryption technologies
• Tools, techniques, and standards used to conduct penetration testing of networks and applications
• The latest information security threats & vulnerabilities and appropriate countermeasures
• Best Practices related to information