Automation ISO
Company Lamoreaux Search Client
Location New York, NY
Preferred GIAC Certifications GSEC
Travel 1%
Salary Not provided
URL Not provided
Contact Name Caroline Blake
Contact Email Caroline/at/LamoreauxSearch.com
Expires 2022-11-22

Job Description

AUTOMATION Information Security Officer

The Client:

Our global marketing communications client has a rich 100+ year history of excellence in service and growth, predominantly through acquisition. Their portfolio of companies reaches 1500+ agencies in 100+ countries connected by a parent company dedicated to leveraging their collective and individual offerings. They are creating a centralized Transformation function with an Automation Center of Excellence. Our client is seeking an ISO for the Automation COE. You will report to the Corporate BISO, who in turn reports to the Global Chief Information Security Officer at the parent company.

The Role:

The Automation ISO will be responsible for partnering with the automation solution architect to design and implement security protocols for use cases that achieve the desired benefits from automation, while maintaining appropriate security standards. They'll also direct and manage the alignment of Security for the Automation COE in support of achieving the goals and objectives of the broader organization. The Automation ISO is a business-focused security specialist with responsibility for their space, working as part of the Corporate Security function to drive governance and compliance with the Corporate Information Security policies, standards, procedures and guidelines to prevent the unauthorized use, release, modification or destruction of data specific to their area. You will collaborate closely with senior Transformation leaders and Technology leaders in developing and executing state-of-the-art IT processes, transforming strategy into goals and objectives aligned with cost-effective security solutions. Without a doubt, your interpersonal skills will be as critical to your success as your technical background.

Similarly, this role requires a leader who will partner across all levels and create cohesion inside the team and beyond Security, across segments and businesses through open lines of communication, guidance and education, partnership and collaboration. There’s a lot of change ahead, and our client needs a leader who will adapt, coach, and help others navigate the changes as well.

Given their acquisition history and the fast pace, there’s a strong focus on candidates with previous work experience in complex environments. This role will allow for a great level of diversity between leveraging an entrepreneurial approach and applying strategic enterprise thinking and solutions.

Key areas of focus:

Automation

· Create and maintain information security control processes and procedures that support Microsoft Power Platform and Azure Cognitive Services projects including writing guidelines, standards, procedures, and additional technical documentation.

· Perform data security reviews on automation use cases to ensure security controls with use of different connectors.

· Lead and manage compliance assessments from a Microsoft Power Platform and related Azure components perspective.

· Recommend security testing processes for automations.

· Create, monitor, and report on Data Loss Prevention (DLP) policies within Microsoft 365.

· Serve as a Tier 3 or 4 escalation point for security-related support tickets for automations.

Corporate Security

· Work with Corporate Security to deliver operational tasks including, but not limited to, assessment of technical architecture changes, supply chain risk management and monitoring of security controls and policy adherence in line with Corporate policies and standards.

· Identify and manage potential security risks and governance issues and develop remediation/treatment plans to resolve the risk or reduce the risk to an acceptable level, aligned with the Corporate Risk Management Framework.

· Build and lead teams and leverage cross-functional partnerships to deliver on business and security initiatives.

· Assist in the coordination and delivery of Network information security audits, inspections, tests and reviews.

· Work with Corporate Security to supplement the global Information Security Awareness training curriculum, with Automation COE specific content.

· Support delivery of information security services in accordance with requirements, delivering to timescales, quality measures and standards including change control.

· Support the development of information security by adopting a proactive and innovative approach to continuous improvement.

· Manage and coordinate Business Continuity Plans and appropriate exercising across the COE.

· Provide input into the analysis and discussion of security policies, standards and practices.

· In conjunction with colleagues from Corporate Security, Legal and Compliance, evaluate and disseminate regulatory information security rules, laws, and best practices, and collaborate with internal and external counsel as needed.

· Lead and coordinate responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.

· Maintain and enhance, as applicable, the Incident Response Plan aligned with Corporate policy and protocol.

· Collaborate with the Corporate IT departments to ensure information security risks in both ongoing and planned operations are properly considered and that all compliance matters are being adhered to as required.

· Monitor information security trends and evolving technologies and keep senior management informed about related information security issues and implications for the Enterprise.

· Understand potential and emerging information security threats, vulnerabilities, and control techniques and communicate this information to appropriate team members throughout the Enterprise on a timely basis.

Qualifications:

· Minimum 7 years of experience in IT Security, IT Audit or related area including experience in a Lead Security Role.

· Experience leading and motivating teams is preferred.

· Global experience preferred.

· Must be a strategic, big picture thinker who understands, appreciates and can appropriately balance compliance and business objectives.

· Bachelor’s degree in Information Security, Computer Science, Information Management Systems, Business, Accounting, or related field or related experience.

· Certifications in any of the following are a plus: CISSP, CISM, CSSLP, CCSP, GSEC, GISF

· Expert in cloud computing security, specifically around Microsoft 365 and Azure

· Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM, and risk analysis.

· Familiarity with Information Security industry standards/best practices and relevant regulations (e.g., PCI DSS, HIPAA, GLBA, FISMA, SOX, NIST, ISO, CobiT).

Personal attributes:

· Analytical and detail oriented.

· Excellent interpersonal skills (inclusive of listening) and a roll-up-your-sleeves personality.

· Excellent written and oral communication skills.

· Strong negotiation skills.

· Willingness to travel as needed.