Experis Ciudad de México
Regional Information Security Officer

The RISO serves as the process owner of all ongoing activities in the regions designed to secure the availability, integrity and confidentiality of customer, business partner, employee and business information, in compliance with ManpowerGroup's current and future information security policies. Key responsibilities of a RISO will include implementing corporate IS policies; monitoring IS-related risk exceptions, corrective action plans and remediation efforts in response to security events, security assessments and audits; providing oversight to ensure that processes and projects are completed in a timely manner; managing all relevant IS metrics specific to the region and countries as needed; and providing early and timely detection, reporting, escalation and remediation of IS risks and outstanding issues.

PRIMARY FUNCTIONS: RESPONSIBILITIES AND STANDARDS

• In close partnership with the CISO, regional management, Global IS office and Managed Security Service Provider (MSSP), develop, implement and monitor a comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by ManpowerGroup and/or its subsidiaries and franchises.
• Ensure the security posture of every country in the region is within acceptable levels. Take accountability to drive and manage this.
• Work with stakeholders throughout the enterprise and regional businesses to achieve acceptable levels of residual risk.
• Work directly with regional management, all countries and business units in the region to facilitate IT risk analysis and establish risk management processes.
• Implement and monitor corporate IS policies in the region.
• Exercise granular oversight over the countries in the region to ensure acceptable status and progress on all security elements defined in global policy.
• Conduct detailed reviews with countries in collaboration with regional management to ensure prompt remediation of security defects.
• Engage in cyber security related events, exercises and client response / presentations to support the relevant business.
• Monitor IS-related risk exceptions, corrective action plans and remediation efforts in response to security events, security assessments and audits.
• Drive information security programs in the region.
• Develop a strong understanding of the business to be able to engage with technical SMEs, interpret the technical requirements of the IS policy and help countries resolve security defects and exceptions.
• Coordinate information security and risk management projects with resources from the IT organization and business unit teams and be accountable for the risk posture of the organization.
• Oversee the rollout and implementation of policy changes in the countries.
• Create and facilitate the ManpowerGroup information security risk assessment process, including reporting and ownership of remediation efforts to address control gaps, such as system vulnerabilities.
• Manage security incidents and events to protect ManpowerGroup technology assets, including intellectual property, fixed assets, data and the company's reputation.
• Communicate and implement a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants and other service providers. Provide responses to client requirements on the company's security posture and policies.
• Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.

FUNCTIONAL AREA KNOWLEDGE/SKILLS:

• Experience in program and project management.
• Practical knowledge of NIST, ISO27001, COBIT, ITIL, Security Policies, Audit, and Governance.
• Experienced in Risk Assessment methodologies such as IRAM, CRAMM and IS12.