Security Governance & Risk Analyst

The purpose of this role is to contribute to the ongoing development of client focused security initiatives, standards and compliance strategy. Provide information security support and advisory services to our Brands, for managing clients’ security requirements, agreements and assessment programmes.

The Security Governance & Risk Analyst will be responsible for managing and mitigating security risks associated with the product delivery and ongoing maintenance procedures within the organization. This role will focus on conducting thorough risk assessments, implementing effective security controls, identifying potential risks, and driving security initiatives to reduce risks.

The role will be required to work closely with various stakeholders, including legal, IT, and operations teams, to ensure the security of acquired assets and data during the initial integration phase.

Security Governance & Risk Analyst

Dentsu is the network designed for what’s next, helping clients predict and plan for inspiring future opportunities and create new paths to growth in the sustainable economy. Taking a people-centered approach to business transformation, we use insights to connect brand, content, commerce and experience, underpinned by modern creativity.

1. Conduct comprehensive risk assessments of assets, infrastructure, and systems to identify potential vulnerabilities.
2. Evaluate the impact and likelihood of identified risks and prioritize them based on their severity.
3. Collaborate with relevant teams to gather necessary information for risk assessment purposes.
4. Develop and implement appropriate security controls, policies, and procedures to mitigate identified risks and ensure compliance with regulatory requirements.
5. Work with the company's IT and security teams to ensure alignment with existing security frameworks and standards.
6. Define security requirements and establish guidelines for acquisitions technology infrastructure during the integration process.
7. Monitor and identify emerging security risks, including but not limited to data breaches, unauthorized access, and insider threats.
8. Stay updated on industry trends and best practices to identify potential security gaps and recommend appropriate measures.
9. Drive security initiatives and projects aimed at reducing risks associated with the acquisition.
10. Collaborate with cross-functional teams to ensure the successful implementation of security measures within the specified timelines.
11. Foster strong working relationships with internal stakeholders, such as legal, IT, and operations teams, to ensure a coordinated approach to risk management.
12. Communicate effectively with all stakeholders and leadership, providing clear and concise updates on security risks, mitigation efforts, and progress.
13. Ensure compliance with relevant security regulations, standards, and industry best practices.
14. Assist with and coordinate internal and external security audits where required.
15. Collaborate with legal and compliance teams to address any security-related contractual obligations.

1. Fluency in Spanish and English.
2. Bachelor's degree in Computer Science, Information Security, or a related field.
3. 2-4 years of IT Security, Risk, Audit, or information system experience in a dynamic enterprise IT environment is highly recommended.
4. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, COBIT).
5. Understanding of technology infrastructure, systems, and network security principles.
6. Familiarity with regulatory requirements related to data protection and privacy (e.g., GDPR, CCPA).
7. Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks effectively.
8. Must have previous experience in a role that required analytical, problem solving and good communication skills with the ability to convey security concepts to non-technical stakeholders.
9. Demonstrated ability to collaborate and work effectively with cross-functional teams.
10. Strong attention to detail and a commitment to maintaining the highest standards of security.
11. Effectively engage with external client audit staff to minimize high risk findings and exposure to Merkle by using sound judgment and discretion.
12. Understanding of cloud technologies and principles.
13. Solid understanding of the governance and compliance requirements of GDPR.
14. Understanding of emerging technologies, architectures, and philosophies in the Cyber / Information Security portfolio.