Security Manager, Creative

Job Description:

Role purpose

The purpose of this role is to lead information security for the Creative Practice Area building on dentsus enterprise security maturity journey and embedding security capability directly into the Practice Areas product and service operations.

Key priorities include continuing to strengthen the security culture and capabilities within Creative; embedding security and risk considerations into relevant design and decision-making processes; and providing security assurance and validation for key applications and services.

This role is responsible for understanding assessing and managing information security risk across the Practice Area. The role reports to the Director of Security (Global Practices) and works closely with colleagues across Security Architecture Security Engineering DevOps and Cyber Operations to help secure client products and solutions.

Responsibilities

Lead information security for client solutions and Practice Area technology partnering with key stakeholders to deliver secure products and services to clients including onpremises and cloud infrastructure components.

Embed security controls patterns and tooling into product and solution teams across all stages of the secure development lifecycle (SDLC) with a strong focus on shift-left practices.

Oversee security assurance for products and solutions evaluating the implementation and effectiveness of security controls.

Identify assess and manage security weaknesses vulnerabilities and risks from multiple sources (e.g. security testing threat intelligence and audits) ensuring appropriate response and management of these issues (e.g. treatment plans remediation actions and risk acceptance where applicable).

Lead Practice Area delivery of relevant global security and transformation initiatives ensuring successful execution and alignment with Practice Area priorities and client requirements.

Provide Practice Area incident support to Cyber Operations acting as a security subject matter expert (SME) for the business division and supporting investigations.

Support client security requests including (but not limited to) RFIs audits and security questionnaires.

Candidate profile

Relevant security certifications or equivalent experience e.g. CISSP CISM (or similar).

Experience in product/application security including common security issues e.g. OWASP top 10.

Experience across various security frameworks (e.g. ISO 27001 NIST CSF SOC2).

Demonstrated expertise in security risk assessment for technical products and solutions including the ability to support design development and implementation of appropriate security controls.

Good understanding of modern technologies architectures and engineering practices including cloud-native patterns APIs CI/CD and DevOps ways of working.

Broad knowledge across core security domains and principles such as secure design.

Strong SDLC knowledge with practical experience embedding security early (shift left) through patterns controls tooling and consultancy.

Excellent stakeholder management and interpersonal skills able to influence and communicate effectively with both technical and non-technical audiences.

Excellent written and verbal communication skills including producing clear security guidance risk briefs and assurance outcomes.

Experience operating in a matrixed organisation aligning and delivering across multiple teams priorities and stakeholders.

Comfortable managing uncertainty ambiguity and change making sound decisions and recommendations with incomplete information

Location:

Brand:

Time Type:

Contract Type: