Job function: Information Systems
Position type: Permanent
Employment type: Full-Time
L’Oréal is present in 150 countries on five continents. For more than a century, L’Oréal has devoted itself solely to one business: beauty; it is now the industry world leader with €29.87 billion consolidated sales (2019).
The group's mission is to provide the best in cosmetics innovation to women and men around the world with respect for their diversity. Our ambition for the coming years is to win over another one billion consumers around the world by creating the cosmetic products that meet the infinite diversity of their beauty needs and desires. To achieve this ambition, L’Oréal can rely on the support of a high-performing IT team.
As a true business partner for all our divisions, our multicultural team directly contributes to the success of L’Oréal’s brand portfolio: Lancôme, Yves-Saint Laurent, Biotherm, Kiehl’s, La Roche Posay, Vichy, Garnier, Maybelline New-York, Kerastase, Redken (…)
As part of a global IT transformation program, we are looking for our CyberSecurity Program lead.
Responsibilities and main missions:
As CyberSecurity & GRC Project Manager, you are in charge of the overall CyberSecurity topics addressed by the program as well as leading the GRC integration. You are the focal point for all security, controls and compliance related topics on the program Infrastructure scope. This role will include the management of security planning and reporting, country audits, and service provider alignment.
As a member of the IT Transformation team, you will be the single point of contact for all security topics, working with the Group CISO organisation. Your mission will be articulated around the following main fields:
PLATFORMS & SAP
Lead the Security Hardening, Compliance and Monitoring topics
Plan the DRP & Continuity Management for the
Ensure the Security by Design of each core and satellite tech tools and tech solutions selected
Monitor and approve the proper implementation of each
Drive the security transition to the Operation Teams and CISO
Frame and lead the security testing strategy, as part of the DevSecOps
Monitor security defects and advise on security improvements / remediations
GOVERNANCE, RISK, CONTROL
Lead the SAP Authorization workstream, with functional stakeholders and providers
Transition to the SAP Authorization as a Managed Service
SECURITY PROJECT MANAGEMENT
Contribute to the contractual framework for the security scope of each provider
Supervise infrastructure & technology security audits on the program Scope.
According to L’Oréal security strategies and security audit results, lead the identified security topics (Network, workstation, Patching, Hardening, GDPR)
Organize, with all our infrastructure suppliers, the implementation of the supplier security plan
Identification of infrastructure security risks, communication and development of best practice solutions, and implementation of mitigating controls consistent with company strategy.
Act as the IT liaison to lead communications with internal security and infrastructure teams and our suppliers.
Report security contract deviations and the necessary alignment
Proactively report security deviations, whether forecasted or noticed
Report providers' KPIs through service reporting
Financial review and forecast according to budgeted services
We are looking for an IT Cyber Security Project Manager with at least 5 years’ experience.
The candidate will quickly demonstrate independence on his/her topics.
Strong security skills.
ISO 27K knowledge (certification or equivalent)
Good knowledge of service management system and IT activities
Strong communication skills at all levels
Strong contract management skills
Good project management methodology skills (PMI, AGILE)
Fluent in English
Degree qualification, or equivalent in Computer Science