Función del empleo: Information Systems

Tipo de puesto: Permanent

Tipo de empleo: Full - Time

Localización: New York, NY

País: United States

L'Oreal USA

IT Digital Risk, Senior Manager

Location: Hudson Yards, New York, NY - approx. 80%

Location: Berkeley Heights, New Jersey - approx. 20%

The IT Risk Senior Manager is responsible for advising business lines regarding information security and for managing risks related to systems and processes used for the processing, storage, and transmission of information. The IT Risk Senior Manager will work directly with the L’Oreal Americas Digital IT team and with business line leaders to evaluate new and existing digital initiatives and to inform and support collaborative risk decisions with business partners. This role requires strong business partnership to identify, analyze, and influence the management of Digital/Cyber risks across various projects and platforms, including emerging technologies.

The IT Risk Senior Manager is also responsible for implementing and maintaining IT Security program to protect the company’s Digital assets, as well as managing information security compliance.  It also requires monitoring and assessing Digital/Cyber risks utilizing security tools to proactively identify potential new threats and escalating as necessary. 

The ideal candidate for this position is a proven thought leader, with business results and problem solving mindset, integrator of people and processes, as well as an effective internal consultant. The individual must also possess solid executive communication skills and domain competencies in a number of IT-risk-related disciplines/areas; IT risk management, IT vendor risk assessment/management, cybersecurity, access controls, IT general controls, IT audit, cryptography, business continuity, data privacy and compliance.

Key Role Responsibilities

  • Manages implementation of IT security and risk management framework/tools specific to digital, eCommerce, eMarketing and cloud environments.
  • Performs risk assessments of existing or new services, technologies and vendors to ensure the protection of the organization’s information assets and our customer information
  • Identify and oversee implementation of security controls and processes over existing and new applications in digital environment, including CRM, e-marketing sites, e-commerce sites and mobile applications.
  • Communicates risk assessment findings to stakeholders and internal customers.
  • Provides leadership and consultative advice to information security customers that enables them to make informed risk management decisions
  • Identifies and implements appropriate controls to effectively manage information risks as needed
  • Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
  • Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
  • Performs IT general controls assessment/evaluation, enterprise security controls assessments, and other IT security related reviews
  • Monitors and assesses cyber risks utilizing security tools to proactively identify potential new threats and escalate to management as necessary
  • Tracks remediation of audit issues noted in internal and external audit findings/reports
  • Assist with PCI compliance as needed.

Candidate Evaluation Criteria

  • A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
  • Building enterprise IT risk management and governance and compliance programs
  • Strong organization, prioritization, and rationalization skills
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • An understanding of organizational mission, values, and goals and consistent application of this knowledge
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • A working knowledge of the following areas of technical expertise: information policy formulation, cyber security management, IT risk assessment and management, business continuity management/disaster recovery, IT vulnerability management, and organizational change management, IT financial management and IT audit
  • Thorough understanding of application security fundamentals and general security technologies.
  • Strong commitment and belief in ongoing learning and development.

Typical Education and Experience:

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:

  • BS in Computer Science, Information Security, Information Systems, or a related field. MBA is preferred
  • 5+ years of professional experience in IT security, digital / eCommerce / eMarketing security, compliance and risk management, vendor risk assessment/management, cyber security, cryptography, data privacy, data security/protection, security controls, business continuity management/disaster recovery, etc.
  • 5+ years of experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, PCI DSS, etc. 
  • Industry certifications desirable (e.g. CRISC, CISSP, CISM, CISA, PMP, etc.).
  • 3+ years of experience in the Cloud Computing/Platform security/risk & controls, Cloud access & controls, Cloud data security/protection.  Expertise in AWS or Azure a plus.
  • 3+ years of hands on experience using GRC tools/technologies such as ServiceNow GRC or similar GRC tools/technologies.

We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status. If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.