Information Security Officer, IT
Operations & IT Any Location - Full Time
This position will be responsible for analyzing & developing current & new IT security capabilities, policies & controls for the agency, while achieving/maintaining SOC2 security certification. This role will protect our agency & clients against threats from the cyber world. It ensures the minimization & elimination of cyber risks that lead to loss of intellectual property & systems downtime. This position will have direct impact & cross-functional engagement with everyone from Sales to Operations.
The ISO should understand & articulate the impact of cybersecurity on (digital) business & be able to effectively communicate this to leadership & staff. He or she serves as the process owner of the assurance activities not only related to confidentiality, integrity & availability, but also to the safety, privacy & recovery of information owned or processed by the business in compliance with regulatory requirements. The ISO understands that securing information assets & associated technology, applications, systems & processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the ISO's role is working with Senior Management to determine acceptable levels of risk for the organization.
- Provide regular reporting on the status of Information Security
- Develop & implement IT security policies, standards & best practices for IT cyber security
- Ensure that Information Security requirements are included & met in contracts
- Install security measures & operate software to protect systems & information infrastructure, including data at rest & in transit
- Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls
- Monitor computer networks for security issues. Investigate security breaches & other cyber security incidents.
- Develop & interface with teams to ensure IT security standards are set & abided by.
- Create a process to periodically update policies & procedures to ensure they accurately reflect business requirements & align to industry leading security practices.
- Manage the entire audit & compliance practice for the organization, completing all company-wide audits throughout the year.
- Direct access review across all applications to help better understand where unauthorized access is granted & can be removed.
- Conduct a periodic vulnerability scanning process & penetration tests.
- Manage third party risk management program in partnership with cross-functional teams
- Participate in working with sales & clients on data security requests
- Identify & partner with outsourced security vendors
- Ensure that all information owned, collected or controlled by or on behalf of the company is processed & stored in accordance with applicable laws & other global regulatory requirements, such as data privacy.
- Manage Security partner relationships
- Help manage the budget for Information Security function - monitoring, reporting, mitigating, remediating
Required Minimum Qualifications
Education/Certifications: BS Degree is required
- Certification in Cyber Security (CISSP)
- Six Sigma certification is preferred
Skills & Experience:
- 5+ years of hands-on IT Security experience with IT Security standards, technology, & monitoring
- Knowledge of SSAE18 / SOC2, PCI DSS, HIPAA, HITRUST, & other cyber security standards.
- Up-to-date knowledge of methodologies & trends in both business & IT
- Specific experience with SOC2 security certification & bringing companies into compliance with the standard is required
- Previous experience in technical writing & documentation.
- Experience translating external compliance regulations & defining internal business requirements is a plus
- Experience with a broad array of IT technologies including cloud services (Google/AWS/JumpCloud), Meraki, file transfer protocols, device management
- Experience with data classification, access control, & security models
- Experience with implementing & managing DLP, privileged access & identity management, password vault, GRC, & ERM tools
- Experience with various authentication protocols & encryption algorithms
- High degree of initiative, dependability & ability to work with little supervision while being resilient to change
- 3+ years leading cross-functional & global projects specific to IT security
About Tinuiti: Tinuiti is a performance & data-driven digital marketing leader, focused on every aspect of the customer journey across the quadropoly of Google, Facebook/Instagram, Amazon, Apple, & beyond. We believe success requires specialization across all channels, & our offerings cover the full spectrum from paid to earned to owned media. Our goal when we come to work every day is simple - to grow happiness. For our clients, their customers, our people & our partners. Growing happiness guides everything we do & our core values - Unleash Greatness, Never Stop Learning, Ignite Your Passion, Thankful Living, & Inspire Innovation & Change - inspire us to maintain a culture where our people take pride in their work & have fun doing it.
Disclaimer: This description has been designed to indicate the general nature & level of work performed by employees within this position. The actual duties, responsibilities, & qualifications may vary based on assignment or group. Elite SEM is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, gender, sexual orientation, gender identity or expression, religion, national origin, marital status, age, disability, veteran status, genetic information, or any other protected status.
FLSA Classification: Exempt
Working Conditions: Working indoors, sitting at a computer for extended periods of time, lifting no more than 10 pounds.