Reporting to the Latin America Zone Cybersecurity Director, this position is responsible for all aspects of information security and technology risk management within L’Oréal Central America and Andean Region. This leadership role requires an individual with a strong technical background, as well as the ability to work across the IT organization and the divisions to align information security priorities and controls with key business objectives.
Key Duties / Responsibilities
· Lead the development and implementation of a comprehensive information security program
· Identification of information technology risks, communication and development of “best practice” solutions, and implementation of mitigating controls consistent with company strategy
· Development, implementation and enforcement of information security governance including policies, standards and procedures in collaboration with HR and Legal
· Execution of IT security education plans based on group directives and in partnership with internal communication to raise awareness around IT security risks and best practices
· Ensure that all IT assets and services are secure, ranging from mobile devices, desktops, servers and applications to networks through the implementation of best-in-class security measures
· Ensure excellence in Information security operations and appropriate service level agreement in response to IT security issues
· Management of regulatory and compliance requirements ranging from leading IT efforts in litigations and investigations to L’Oréal Group policies and PCI/DSS compliance
· Act as the IT liaison to lead communications with internal and external auditors and ensure compliance
· Development, execution and monitoring of disaster recovery plans for all critical IT assets throughout the organization
· Selection and management of external security management vendors and service providers to support security planning and implementation as organizational needs and resource levels require
· Ensure appropriate information security Incident Management and escalation
· Support major, and complex information security operations and technology projects that have tactical, operational and strategic impact to all business segments
· Maintain reliable, up-to-date information from across the industry regarding information security operations, to include actionable intelligence pertaining to new and existing threats and critical action plans, and incorporate those facts and findings into an operational response
· Ensure a healthy balance between real-world risks and the business need for speed, agility, flexibility and performance
· Ensure information security collaboration and compliance at the Zone and Group level
Education & Knowledge Required
- Bachelor's degree from an accredited college or university is required. Master’s degree preferred. A degree in Computer Science, Information Security/Data Systems Management or a related field or discipline is ideal
- Risk Management and Standards (ISO/IEC 27001) is preferred
- Certified Information Systems Security Professional (CISSP) certification is preferred
- Additional certifications (e.g., CRISC, CISM, CISA, PMP, etc.) is preferred
Experience / Skills / Abilities Required
- A minimum of 12 years of combined experience in IT with at least 5 years in Information security management
- In-depth technical knowledge and experience in information technology, computing systems, network technologies, security operations, security technologies, systems integration, and the application of information security concepts.
- Proven and effective leadership skills, as well as demonstrated proficiency in providing requisite oversight for information security operations and incident management.
- Excellent interpersonal skills, as well as an ability to interface effectively with fellow employees, leadership of the Corporation, and external partners, clients, and customers.
- Ability to communicate in English.
The ideal candidate will meet the experience requirements identified above and will also reflect a background that includes:
- Previous experience in support of Digital IT, Digital Marketing or E-Commerce
- Previous success and proven ability to analyze information security technical issues within the context of their potential impact on the Corporation's business requirements and processes.
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
- Involvement in support of risk management approaches
- Cyber security crisis management.
- Dedication to compliance as reflected in comprehensive policy, standard, and procedure development and implementation.
- Consumer Packaged Goods and Retail industry experience
- Solid experience in security related processes such as Risk Management, Vulnerability Management, Forensics, Networking, Compliance and Auditing is ideal.
- A thorough understanding of the implementation and maintenance of processes and the ability to identify business needs, convert them to tasks and develop supporting documentation
- Superior communication skills, to include both verbal and written mediums.
- Demonstrated project management skills and experience.
- In-depth knowledge of information security tools Professional development organizational involvement (e.g., ISSA or ISACA