The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security governance, risk, and compliance programs across North Asia & SAPMENA.
The role should understand the global security and regulatory compliance requirements applicable to IT and the business, and will be responsible for managing risk, compliance, and the IT relationships with internal and external audit partners.
This role will work closely with the CISO, infrastructure team, digital team, application owners, internal control team and legal team to understand the risks arising from gaps in governance and compliance. The major accountabilities of the role include:
- Onboard the ServiceNow GRC module (Governance, Risk and Compliance) for applications and evaluate L’Oréal applications through the defined approach
- Directly responsible for conducting the security risk assessments to ensure the systems and/or applications are complying with the corporate security policies, regulatory requirements, and adherence to best practices
- Identify, research, and evaluate new compliance requirements and present them to the relevant team and senior leadership
- Establish the security governance framework for security self-assessments and internal and external security audits. Responsible for the auditing program and for coordinating audits with zone and/or country teams
- Develop, track, maintain the controls matrix to ensure the systems and/or applications are complying with policies, standards, and regulatory requirements
- Support the issue and/or risk owners in interpreting the relevant non-compliance issues, and ensure stakeholders understand the risks and are prepared for remediation
- Drive coordination with various teams to develop and implement the security remediation plan across the region to meet the IT security and regulatory requirements
- Work with IT and business application owners to ensure the baseline security standards are embedded in IT and business operations
- Lead the system-wide IT compliance program, ensuring IT activities, processes, and procedures meet defined requirements
- Provide metrics and data on findings to ensure prioritization for remediation and closure.
- Develop and maintain the regional findings library to support analysis, trending and pre-closure and drive remediation and risk mitigation planning, execution, and reporting.
Bachelor's or master’s degree in Computer Science, Information Security or a related field or discipline is ideal. 8+ years’ experience in information security and 3+ years in governance, risk and compliance, or an equivalent combination of consulting and IS security project work experience. Information security and/or information technology risk and privacy related certifications are strongly preferred (e.g., CISSP, CISA, CRISC, CIPP/A).
Solid skills such as the following:
- Experience in information systems audit and compliance is preferred
- Experience in working with auditors and/or regulators is preferred
- Strong partnering, communication and presentation skills and strong analytical and problem-solving skills
- Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization
- Experienced in establishing and maintaining effective working relationships with technical teams as well as end users from the business
- Previous information technology auditing/consulting and/or information technology risks management experience
- Experienced in ISO27001/2/5 and NIST Cybersecurity Framework