Analyst, Vendor Risk Management

Responsibilities Partner with a qualified global team of cyber security risk management professionals to protect company assets and support security risk initiatives.
Work cooperatively with the Risk and other leads to validate appropriateness of procedures and controls (to ensure compliance with regulatory, contractual, and legal requirements). Work collaboratively with Internal Audit, Legal, and business units to track risk reduction over time. Develop and maintain expertise in regulatory trends, client contractual trends, and risk management strategies. Provide monthly, quarterly, bi-annual, and annual metrics to track, validate, and provide continuous improvement to the compliance and risk management programs. Support the development of and enhance a governance framework aligned with ISO27001 to ensure compliance with stated metrics and documented controls. Maintain a risk register aligned with Omnicom s Risk Management Framework as it pertains to regulatory and compliance risks. Measure compliance with policy and standards as part of assessing the overall security risk posture of the enterprise and develop remediation plans as needed. Qualifications Bachelors degree required, preferably in computer science, information systems, engineering, business administration, or related field 5 years of experience required. In-depth understanding of common regulatory frameworks (SOX, HIPAA, PCI, GDPR) Practical knowledge of risk assessment and management approaches and delivery Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST Past Media and Entertainment industry experience Skills/Abilities Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences. Excellent problem solving and analytical skills, individual must be a team player, strategic and analytical thinker, able to think big picture , as well as focus on trends and data coupled with industry themes, and able to multi-task on projects. Ability to build-out risk & compliance strategy aligned with business objectives that will continually improve and enhance cybersecurity within the organization. Demonstrate the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. Possess a strong technology background with the ability to challenge or validate technology decisions from a position of knowledge and experience. Possess the ability to rapidly assimilate business strategies, coupled with the insight to seize high impact opportunities by applying creative problem-solving solutions. Track record of managing across multiple global locations, with a solid understanding of the challenges and benefits