JerseyCityRecruiter Since 2001
the smart solution for Jersey City jobs

Business Information Security Officer

Company: Interpublic Group
Location: Jersey City
Posted on: January 15, 2022

Job Description:

Position Summary
The IPG Business Information Security Officer will report into the Chief Information Security Office (CISO) and will partner with the IPG Corporate CIO to improve IPG Corporate's information security posture with respect to strengthening internal cyber security and ensuring all work products are on-time and high-quality to comply with the CISO's Information Security program for Corporate IPG.
Essential Functions:

  • Actively participate in all IT security governance forums, meetings, etc. to ensure that the opinions, perspectives & needs of the groups that you represent are heard.
  • Coordinate early adoption of new security technology and initiatives with Corp IPG CIO team for Corp IPG user base: NAC, EPM, Lookout, O365 DLP, automated attack & pen testing, attack simulation, bug bounty, etc.
  • Work closely with CISO SOC, Corp IT Global Lead, Global IPG IT SOX Coordinator, Regional Coordinators, Local IT & FSOs to support threat intelligence response and incident response efforts
  • Facilitate the identification of high value dimensions in Corporate IPG to be monitored by the SOC
  • Regular evaluation & maintenance of data quality, completeness and accuracy of all assets in ITAM
  • Complete deployment of agents on assets or filing of exceptions
  • Regular evaluation & maintenance of data quality, completeness and accuracy of all other dimensions: applications, domains, identities, network devices, mobile devices, IoT, data, etc. as developed in ITAM. Including review and coordination of approval to include specific dimensions in scope for CISO initiatives with GIS owners. Track, report & publish status at quarterly operational review meeting & weekly GIS meeting for attention. Escalate red flags.
  • Ensure every application has been reviewed and has a security criticality rating which will be used to define scope for security initiatives & security architecture recommendations related to applications.
  • Facilitate the vulnerability management process including ownership of OS & Non-OS patching for CVEs on IPG assets. Ensure asset owners are aware of open vulnerabilities and track remediation against SLA expectations. Understand and communicate recommended solutions to address security vulnerabilities (and mitigations to reduce exposure when exceptions are filed).
  • Coordinate secure configuration expectations with application and asset owners to ensure roadmaps include the application of secure configuration CIS benchmarks.
  • Communicate regarding key compliance deliverables and due dates to Corporate IT, EIS & EAS discipline owners (application, infrastructure & business/SaaS vendor) with the goal to ensure compliance with Information Security controls, standards, policies, procedures & guidelines
  • Create/Maintain heat map of control statements in all information security policies (SP&Ps) and manage roadmap to 'get to green'; to close gaps & reduce risk or accept risk through exception process.
  • Participate in review of annual IPG IT M&P Guide for audit of IT SOX & IT/Security Controls & ensure training, testing & oversight -- & that controls have ownership for execution/remediation.
  • Escalate when you have a leaver that is responsible for execution or testing of IT controls so we can help cover to retain control until a backfill is identified.
  • Manage IPG data in OpenPages access for management of narratives, issues, remediation plans.
  • Manage identity/access/AD compliance issues & work with owners until remediated (MIT-10, LARs, LAPs, MFA/SSO, PAM)
  • Centralize exception filing and coordination of CIO sign-off for Corporate IT, EIS & EAS in support of the CISO exception process
  • Advise on architecture reviews, coordinate privacy review with Legal & facilitate information security risk assessments on external/vendor products & services (for Corporate, EIS & EAS)
  • Ensure new products, services, applications, third party or client relationships, have appropriate security controls embedded and that any identified risks are appropriately addressed.
  • Understand security impacts when using Cloud solutions (SaaS, IaaS, PaaS) and advise the Corporate CIO and EIS team regarding security expectations for cloud services. Track compliance of secure configuration, application of MFA & introduction of new technology like CSPM & CASB, etc. Maintain an IPG Cloud landscape and heat map detailing the application of security controls/expectations.
  • Define landscape & roadmap with Global Corp IT Lead for security & privacy controls for structured & unstructured data.
  • Define landscape and roadmap for Corp IPG mobile and IoT security.
  • Raise information security awareness with process, project, and asset owners in Corporate IT, EIS & EAS. Reinforce expectations to complete training, messages in memos & coordinate communication process for IPG end user messages with the Corp Comm group & the IPG Corp CIO. Encourage completion of training for IT Admins, LARs, Developers, Phish campaign fails, HR data handling, etc.
  • Build network among corporate departments in order to understand business expectations that need to be balanced with security & IT operations goals

Experience, Knowledge, Skills and Abilities:
Effective coordination and facilitation of activities across all IT & business disciplines. Solid partnerships with all IT functional groups & business partners. Compelling team player, communicator, relationship builder, and motivator is required. The activities that this role will be responsible for require motivation of matrix staff to work toward common goals. This role requires a breadth of knowledge across applications & infrastructure to be most effective.
Master's or Bachelor's degree in computer science, computer engineering or related field and 5-7+ years of experience as an IT professional.

  • 7+ years of information technology, IT project/program management, or IT security related background
  • CISSP, CISM, GIAC, OSCP or working toward security certifications is Highly Desired

Knowledge of national and international regulatory compliance and frameworks such as ISO 27001, NIST, & CIS is Highly Desired
To Apply: send resume and cover letter to
Please include the Job title in the subject line of your email
