When you look at L’Oréal, what do you see? If all you see is lipstick, look again and experience the Freedom to go Beyond the ordinary. That’s the beauty of L’Oréal. We operate in 150 countries on 5 continents. With 36 international brands and 86,000 employees worldwide, we’re well on our way to fulfilling our common purpose: to create beauty that moves the world.
By 2030 we want to capture over another 1 billion consumers around the world. How? By creating cosmetic products which meet the infinite diversity of consumers’ beauty needs and desires, and always through digital innovation. Not only that, but taking our sustainability goals seriously; moving us to a more inclusive and sustainable society, for every generation.
Our brands, dynamic culture, and always being our own challenger mean that we offer freedom and opportunity you won’t get anywhere else.
If you want the Freedom to go Beyond, we’ll see you at L’Oréal.
Our Corporate Division supports the 4000+ strong workforce in L’Oréal UK & Ireland. It’s a fast-paced and dynamic environment where you’ll have visibility over our 4 Divisions and play an integral role in moving our business forward.
We embrace our entrepreneurial spirit in everything we do, always challenging ourselves to new ways of doing things. That means looking for innovative solutions, sustainable developments, and having the freedom to go beyond the ordinary.
Our founder Eugène Schueller once said that “a company is not walls and machines, it’s people, people, people”. Joining our corporate teams means joining the world leader in beauty, at the cutting edge of innovation. But above all, it means becoming part of a team of talented and inspiring people.
Reporting to the North Europe ISSM, you will be responsible for all aspects of Cybersecurity across the UK and Ireland hub at L’Oréal.
This is a leadership role that requires an individual with a strong technical background as well as the ability to work across the IT and Business organizations to align information security priorities and controls with key business objectives following a risk-based approach.
Key Duties / Responsibilities:
• Lead the implementation of a comprehensive Cybersecurity program.
• Convey locally the L’Oréal Group Cybersecurity framework and adapt when required to local constraints.
• Facilitate regular meetings with Hub / Country CIO and IT domain managers.
• Ensure information security collaboration with Zone and Group teams.
Risk Management / Security in Project:
• Identify, estimate, evaluate Cybersecurity risks of your perimeter and ensure proper mitigation actions are in place.
• Support IT and Business teams and especially project managers on all aspects of cybersecurity during projects.
• Review security of Third Parties and ensure proper cybersecurity requirements are included in contracts & appendixes.
• Make recommendations and follow action plans.
• Make sure that all security steps (risk analysis, contract review, penetration test, configuration check, code review, etc.) are done before Go Live.
Compliance / Action plan follow-up:
• Ensure compliance with local regulations and mandatory standards (e.g. GDPR, PCI-DSS).
• Enforce and control the correct application of the Group's Cybersecurity framework.
• Follow Group and Zone cybersecurity KPIs and controls.
• Ensure all assets and services on your perimeter are secured through the implementation of best-in-class security measures.
• Act as the IT point of contact to lead communications with internal and external auditors and ensure IT security compliance in the region you are responsible for.
• Ensure non-compliances, vulnerabilities or any other security weaknesses are remediated in due time.
Cybersecurity Awareness / Education:
• Ensure, in partnership with internal communication, that Group / Zone Cybersecurity awareness initiatives are properly deployed on your perimeter.
• Educate local IT teams on Cybersecurity good practices.
• Establish direct and regular contact with Business teams and make them aware of cybersecurity good practices.
• Ensure existence of disaster recovery plans (DRP) for all critical assets of the perimeter, support in definition and execution when required.
• Ensure disaster recovery tests are performed regularly in compliance with Group requirements.
• Ensure proper Crisis Management team is in place.
Technical & Professional Competencies:
• A minimum of 5 years of experience in Cybersecurity is required.
• In-depth technical knowledge and experience in information technology, computing systems, network technologies, security operations, security technologies, systems integration, and the application of information security concepts.
• Proven and effective leadership skills, as well as demonstrated proficiency in providing requisite oversight for information security operations and incident management.
• Excellent interpersonal skills, as well as an ability to interface efficiently with employees, senior leadership, and external partners, clients, and customers.
• Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization.
• Previous experience as an IT project manager or information security manager is preferred.
A Master’s degree in Computer Science, Information Security/Data Systems Management or a related field or discipline from an accredited college or university is the minimum requirement.
Information security or risk management certifications (ISO/IEC 27001, 27005) or Certified Information Systems Security Professional (CISSP) are preferred. Any additional certifications (e.g., CRISC, CISM, CISA, PMP, etc.) will be a plus for the application.
Ambition: You anticipate, think and dream big, demonstrating a high level of aspiration. You are self-driven and show proactivity, especially when seeing problems as challenges. You strive for exceptional performance.
Judgement: You can balance operational and strategic thinking, challenging the status quo and managing confrontation effectively. You cut quickly through complexity and ambiguity whilst also thinking sustainably and are future-oriented. You reduce complexity to get things done.
Resilience: You always demonstrate purpose and ownership mindset but manage your own energy well. You uphold positivity for others and persist, bouncing back when faced with obstacles. You step back at times and accept limits.
Empathy: You cooperate and network effectively, creating genuine and trustful relationships with diverse people. You are sensitive to beauty and related emotions, always supporting others and showing benevolence. You understand and respect others’ feelings and motives.
Learning Agility: You are a self-motivated learner, showing self-awareness and demonstrating openness and curiosity. You experiment and learn from mistakes and past experiences, always showing courage and stepping out of your comfort zone. You support the development of a learning culture.
We put people development and learning at the heart of our business; we’ll help you master your role, develop your technical expertise and you’ll benefit from exceptional management and leadership programmes. From face-to-face workshops to our global online learning resources, you’re actively encouraged to embed learning into your daily life and are rewarded for continuous improvement. Don’t forget that every employee gets 3 Coursera credits; that means you can get qualifications from over 1000 universities from around the world, with thousands of courses to choose from.
Looking for a good work/life balance? With our new hybrid working scheme, you can take a flexible approach to work as well as benefit from early finishes on Fridays during the summer...so you can enjoy more time with your friends and family.
As any great employer should do, we make sure we look after your financial wellbeing. That’s why we have a great pension plan, profit share scheme and many more incentives to give you the security you deserve. We also put employee health and wellbeing at the front of everything we do; fully training employees as mental health ambassadors to support and educate ourselves further. There’s also the chance to enrol in medical and dental insurance, gym discounts, health check-ups and even yoga and Pilates classes for employees in all of our locations.
Oh, did we mention that as an employee you also get discount sales of up to 70% off throughout the year on our 36 brands? Plus, you also get the option to share that in our Friends and Family sales as well!
How we recruit
At L’Oréal, we take pride in creating a diverse, equitable and inclusive environment where everyone is welcome and their contributions are valued. When we recruit, hire, train, promote or engage in any other employment practice, we are committed to being an inclusive employer regardless of race, religion, gender identity, sexual orientation, national origin, age, socioeconomic status, medical condition or disability, or any other protected status. When we look for talent, we welcome difference - different backgrounds, experiences, personalities and perspectives. The beauty we find in our differences gives us the freedom to go beyond. That’s the beauty of L’Oréal.