ジョブファンクション: インフォメーション システム（IS)
The Cybersecurity team defines the L’Oréal cybersecurity strategy in alignment with the business strategy. The strategy is sustained by the Cybersecurity Policy defining the organization, the framework, the rules, the standards and procedures in all domains.
L’Oréal has launched an important IT Transformation project including foundations improvement, and the creation of new lines services. Cybersecurity is part of this transformation. It must be an active partner of IT to help and enable the transformation.
For its cybersecurity, L’Oréal has adopted a risk-driven approach. Hence, the cybersecurity department wants to strengthen its Risk Management capabilities by creating a Risk Management Service line for which we are looking for a Manager.
The Manager of the Risk Management service line supports the Risk identification, analysis and management process across all aspects of Information Technology for business. Responsibilities include assessing the current adequacy of the security strategy, business continuity /disaster recovery plans, threats to the systems, and then calculating the impact of potential adverse events.
Review and improve Cybersecurity risk management framework
Validate with Key stakeholders Risk level, Risk strategy and Risk Appetite
Build a transversal line of service:
To collect and manage new project demand.
Do a first level of Risk assessment.
To support local Security Manager.
To follow and ensure coherence of Risk Analysis
To manage exceptions.
To put in place and support Risk Management solution.
Engage and advise stakeholders
Work closely with team in charge of Third Party Risk management
Review and maintain IT Security in projects methodology
Continuously evaluate communication security, data vulnerability, business continuity and compliance risks
Identify vulnerabilities or weaknesses in systems
Evaluate security policy, processes and procedures for completeness
Ensure that controls are adequate to protect sensitive information systems
Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
Provide mitigation/ damage reduction proposals with cost justification
Identify defensive steps to take, starting by the existing security standards already available within L’Oréal
Participate to education of Security, IT & Business stakeholders to Risk Management
Master’s degree in Information Technology
You have a successful first experience of 5 years in the cybersecurity field within a consultancy firm or a Fortune 500 company
Knowledge of cybersecurity frameworks (NIST, OWASP, …)
Knowledge and experience in auditing, security reviews or compliance reviews
Knowledge and experience in risk analysis
Knowledge of web technologies (CMS, development frameworks, API, application security, …)
Knowledge of public cloud services (Azure, AWS, Google Cloud)
Ability to manage and / or influence people
Ability to communicate complex ideas effectively, both verbally and in writing, in English and French with international stakeholders and with cybersecurity stakeholders within the Group
Ability to convince and drive change
Ability to navigate within a fast-moving environment
Strong analytical skills
Fluency in English is essential