IT Security Compliance and Risk Analyst

Company Description
**We Dream. We Do. We Deliver.**

As a **full-service, data-driven customer experience transformation, **we partner with Top 500 companies in the DACH region and in Eastern Europe. Originally from Switzerland, Merkle DACH was created out of a merger Namics and Isobar - two leading full-service digital agencies.

**Our 1200+ digital enthusiasts **are innovating the way brands are built, through providing expertise in Digital Transformation strategy, MarTech platforms, Creativity, UX, CRM, Data, Commerce, Mobile, Social Media, Intranet and CMS. We are part of the global **Merkle** brand, the largest brand within the dentsu group, who shares with us a network of over 66,000 passionate individuals in 146 countries.

**Inclusion & Diversity**

We value the strength diversity brings to our business and are working hard to build a more inclusive workplace through partnerships with Stonewall, Business Disability Forum and Business in the Community’s race and gender equality campaigns. We are happy to discuss all flexible and agile approaches to working for all our roles - we can’t promise we will be able to offer you everything you want or need but we do promise to discuss it with you openly and honestly.

If you have any reasonable adjustment needs arising from a disability or medical condition to fully participate in the recruitment process, please discuss this with the recruiter who contacts you.

**Job Description**:
This role will support a broad range of security and risk disciplines including IT risk analysis, certifications (PCI-DSS, ISO 27001), internal audit, compliance, security controls (physical and logical), information security, and business continuity/disaster recovery (BC/DR)

Reporting to the EMEA Security Director, this role will be responsible for achieving alignment across various markets within the EMEA region, including assessing control alignment and supporting the global policies and standards.

You will be responsible for delivering information security initiatives through the region, ensuring controls and culture are maintained, and for supporting business security requirements, leveraging global and regional capabilities.

Led by the EMEA Security Director, our EMEA Security team is responsible for driving global security initiatives across the region and supporting Merkle’s clients.

**Responsibilities**
- Perform internal platform and client audits
- Support client pitches and associated client deals (MSA and SOW reviews)
- Support the implementation and maintenance of local ISMS activities, including gap analysis and evidence collection.
- Create a consistent approach to documentation, documentation repositories, evidence capture and compliance action management
- Evaluate, review, and prepare updates to the risk register and follow information and cyber risk remediations to closure.
- Ensure that controls are designed to support the security, availability and integrity of not only Merkle solutions, but also client IT environments.
- Engage with Internal Assurance and audit teams to ensure regional audits findings are tracked and managed by maintaining a non-conformities / corrective actions log.
- Build relationships and partner with key business stakeholders in each market and IT departments.
- Assist in developing and contributing to regional management reporting and presentations.
- Uphold and promote Merkle’s core values and culture
- Support and operate the strategic implementation of the information security management system (ISMS) framework across EMEA region.
- Support and roll out the certification strategy for new markets requiring ISO certification.
- Develop, implement and monitor security policy compliance and security controls in accordance with recognised best practice and in line with ISO27001

**Qualifications**:

- 2-4 years of IT Security, Risk, Audit, or information system experience in a dynamic enterprise IT environment is highly recommended
- Experience performing IT audits and analyzing risk using industry accepted methodologies
- Effectively engage with external client audit staff to minimize high risk findings and exposure to Merkle by using sound judgment and discretion
- Fucntional knowledge of security compliance initiatives within an enterprise technology environment such as NIST CSF, CSA, PCI DSS, Cyber Essentials
- Experience operating in a matrixed organisation to meet requirements of diverse stakeholders.
- Ability to maintain focus through conflict and challenging situations with positive outcomes for Merkle and its clients
- Track record of supporting information security in a diverse, fast-paced enterprise environment.
- Knowledge of all domains within security covering people, process and technology
- Understanding of security risk analysis techniques
- Understanding of cloud technologies and principles
- Ability to explain technical complex concepts to non-technical audiences combined with excellent communication and