Position: Information Systems

Position type: Fixed Term

Employment type: Full-Time

Location: Shanghai

Country: China

Role and Responsibilities

The IT Risk Manager is responsible for identifying, assessing, evaluating and monitoring the IT risks of L’Oréal APAC across the Asia Pacific markets.

The role supports multiple teams, including IT infrastructure, IT retail and the application owners (e.g. SAP, Boost, CRM, MARS), to enable a risk-based environment for L’Oréal.

This role will work closely with a wide range of audiences, including the APAC CISO, the APAC CTO, the APAC IT Retail Head and the owners of critical applications and systems.

The main directive of this position is to identify information technology risks, report them to the senior management team where necessary, and track each risk until closure.


  • Enable a risk-enabled environment: develop a risk awareness program and conduct training so that all stakeholders understand the risks and contribute to the risk management process, and promote a risk-aware culture

  • Identification of information technology risks, communication and development of “best practice” solutions, and implementation of mitigating controls that are consistent with company strategy

  • Development, implementation and enforcement of information security governance including policies, standards and procedures in collaboration with all relevant teams where necessary

  • Ensure that IT assets have been identified and are protected in line with L’Oréal security policies and processes

  • Development, execution and monitoring of disaster recovery plans for all critical IT applications throughout the region

  • Coordinate risk remediation from the cybersecurity team with the owners of these critical applications

  • Selection and management of external security management vendors and service providers to support security planning and implementation as organizational needs and resource levels require

  • Support the IT infra and IT retail teams with security assessment/evaluation of solutions that are not L’Oréal standard

  • Create and maintain a risk register to ensure that all identified risk factors are accounted for, and establish the benchmark as well as the information technology risk reporting dashboard to highlight the risk profiles for the zone and the countries

  • Assist with providing subject matter expertise within the information technology operational risk management framework and the vendor risk assessment framework

  • Validate the risk appetite and risk tolerance level with senior leadership and key stakeholders to ensure alignment

  • Responsible for various risk management projects as assigned, whether from the zone and/or global, e.g. IT GRC