Regional Business Information Security Officer

Overview:
DDB Technology is the tech division of Doyle Dayne Bernbach, a global advertising and communications company. In 1949, three enterprising gentlemen, Bill Bernbach, Ned Doyle and Maxwell Dane gave the advertising industry a wake-up call. They introduced a new approach to marketing that relied on insight into human nature, respect for the consumer, and the power of creativity. In short, they said: Let's stop talking at people and let's start conversations that lead to action.

This heritage is a unique strength that continually tells us who we are, what we believe and how we should behave. It inspires us to continually challenge standard convention. From Bill Bernbach to Keith Reinhard to the present generation of DDB leaders, we are continuing the revolution.

As commodity technology services are provided centrally by our parent company, Omnicom, we increasingly invest our time helping teams discover how technology solutions can improve their day-to-day ways of working with an emphasis on efficiency, security, and standardization of platforms and services.

Charged with providing technology services & solutions for 10,000 + employees globally, we are a fast-paced and dynamic client service company. We are committed to delivering value at the right place, at the right time, in the right way.

**We protect DDB and Omnicom**: The Regional Information Security Officer (RISO) will be an embedded DDB security and risk professional, charged with supporting their local team and aligned with the Corporate Security function to assist in maturing the security posture for DDB's business and services. The RISO will report to the DDB Global Business Information Security Officer (BISO) with a dotted line to the EMEA Chief Information Officer (CIO). This role will be focused on the governance, implementation and compliance of the Corporate Information Security policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data/systems. The RISO will also be expected to assist with internal security consultancy to support strategy and identify information Security related risks and proactively work with all support departments to ensure that Information risks are identified, assessed, and mitigated in all situations where possible.

**Responsibilities**:

- Build and maintain global relationships with business units and stakeholders to support local security activities with a focus on continuous improvement and program maturation.
- Work with BISO and Corporate Security to deliver administrative and technical controls, in line with organizational policies, standards, contracts, and/or regulatory obligations.
- Support strategic and tactical alignment of corporate technology to overall security to business objectives for all divisions within region.
- Assist in responding to client requirements such as RFP/RFI, audits, security questionnaires, contract negotiation and client meetings as relates to security where appropriate.
- Collaborate with the markets to identify and address internal/external security risks management and governance issues, developing treatment plans to address risk or reduce the risk to an acceptable level while aligning with the Corporate Risk Management Framework and practices.
- Participate in implementation and management of DDB and Corporate platforms, e.g., endpoint protection, encryption, SIEM, CASB, perimeter controls
- Work with Corporate Security to supplement the global Information Security Awareness training curriculum, with DDB specific content, facilitating cyber security awareness activities and security awareness concepts locally to be suitable for the business.
- Participate in the coordination and documentation of Business Continuity Plans and appropriate exercises
- Assist with DDB and CSIRT responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents
- Provides additional leadership in support of the CIO’s strategic initiatives through dotted line reporting to the Regional CIOs.
- Partner with technical operations staff for reporting on information program posture and compliance within all markets within the region
- Maintain up to date knowledge of emerging security trends, risks, new guidance, or standards (internal and external) and security enhancing technologies

Qualifications:

- Relevant experience in IT, Information Security, IT audit or related area
- Bachelor’s degree in Information Security, Computer Science, Information Management Systems, Business/Accounting or related field or related experience preferred
- Industry recognised certifications (CISSP or CISM) preferred
- Practical knowledge of Information Security industry standards/best practices and relevant regulations (e.g., PCI DSS, HIPAA, GLBA, FISMA, SOX, NIST, ISO, COBIT, TISAX)

**Bonus points if you have experience with**: