Field: Information Systems & Technology

Job type: Full-time

City: New Jersey - Berkeley Heights

Country: USA

Job Title: IT Security & Risk Management

Location: Berkeley Heights, NJ - approx. 80% and New York, NY - approx. 20%


Role description  

The IT Risk Manager is responsible for advising IT and business stakeholders on information security and for identifying, analyzing, and influencing the management of information risks related to enterprise and digital assets used across the organization and customer facing in the areas of social, e-marketing, e-commerce and retail.  The IT Risk Manager is also responsible for implementing and maintaining the overall IT Security program to protect the company’s Digital assets, as well as managing information security compliance. 

The ideal candidate for this position is a proven IT Security/Risk management expert with hands-on experience, business results and a problem-solving mindset, as well as an effective internal consultant. The individual must also possess solid executive communication skills and domain competencies in a number of IT-risk-related disciplines, including IT risk management, cybersecurity, IT audit, business continuity management, privacy and compliance.


Role Responsibilities

The key responsibilities of the role are as follows:

  • Performs focused risk assessments of existing or new services and technologies to ensure the protection of the organization’s information assets and our customer information
  • Communicates risk assessment findings to stakeholders
  • Provides consultative advice to information security customers that enables them to make informed risk management decisions
  • Identifies and implements appropriate controls to effectively manage information risks as needed
  • Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
  • Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
  • Performs IT General Control, Application control audits, PCI DSS and other IT related reviews
  • Identifies weaknesses in internal controls and opportunities to enhance operational efficiencies
  • Monitors and assesses Digital/Cyber risks utilizing security tools to proactively identify potential new threats and escalate as necessary
  • Tracks remediation of audit issues noted in internal and external audit reports

Candidate Evaluation Criteria

Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:

  • A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
  • Strong organization, prioritization, rationalization and analytics skills
  • An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
  • A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business
  • A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, structured and actionable manner
  • A working knowledge of the following areas of technical expertise: information policy formulation, cybersecurity management, IT risk assessment and management, business continuity management, IT governance formulation, IT vulnerability management, organizational change management, IT financial management and IT audit
  • Understanding of information security fundamentals and general security technologies


Typical Education and Experience

    • BS in Computer Science, Information Security, or a related field. MBA is preferred
    • 5+ years of professional experience in Information Security and Risk Management
    • Experience in application risk management, Cloud Platform risk & controls, data encryption, and PCI compliance
    • 5+ years of experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, and PCI DSS


We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.