Função: Sistemas e Informações

Tipo de Emprego: Tempo Integral

Localização: New Jersey - Berkeley Heights

País: USA

Job Title:  IT Security & Risk Manager

Location: Berkley Heights, NJ - approx. 80% and New York, NY- approx. 20%

 

Role description  

The IT Security and Risk Manager is responsible for advising IT and business stakeholders on information security and for identifying, analyzing, and influencing the management of information risks related to enterprise and digital assets used across the organization and customer facing in the areas of social, e-marketing, e-commerce and retail. 

The ideal candidate for this position is a proven IT Security/Risk management expert with deep understanding of enterprise IT risk management methods and techniques to drive successful outcomes, and must have hands-on experience in:

  • Designing and implementing IT security and risk management framework/tools for business-to-business (B2B) solutions, cloud-based CRM solutions such as Salesforce.com
  • Designing and implementing IT security and risk management framework/tools for e-commerce, e-marketing, social, and digital areas
  • Designing and implementing IT security framework/tools for third party risk management
  • Domain competencies in a number of IT-risk-related disciplines, including IT risk management, Cybersecurity, IT audit, business continuity management, privacy and compliance.

Role Responsibilities

The key responsibilities of the role are as follows:

  • Manages implementation of IT security and risk management framework/tools
  • Performs focused risks assessments of existing or new services and technologies to ensure the protection of the organization’s information assets and our customer information
  • Communicates risk assessment findings to stakeholders
  • Provides consultative advice to information security customers that enables them to make informed risk management decisions
  • Identifies and implements appropriate controls to effectively manage information risks as needed
  • Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
  • Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
  • Performs IT General Control, Application control audits, PCI DSS and other IT related reviews
  • Identifies weaknesses in internal controls and opportunities to enhance operational efficiencies
  • Monitors and assesses Digital/Cyber risks utilizing security tools to proactively identify potential new threats and escalate as necessary
  • Tracks remediation of audit issues noted in internal and external audit reports

Candidate Evaluation Criteria

Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:

  • A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
  • Building enterprise IT risk management and governance and compliance programs
  • Strong organization, prioritization, rationalization and analytics skills
  • An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
  • A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business
  • A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, structured and actionable manner
  • A working knowledge of the following areas of technical expertise: information policy formulation, cybersecurity management, IT risk assessment and management, business continuity management, IT governance formulation, IT vulnerability management, and organizational change management, IT financial management and IT audit
  • Understanding of information security fundamentals and general security technologies

 

Typical Education and Experience


    • BS in Computer Science, Information Security, or a related field. MBA is preferred
    • 5+ years of professional experience in IT security, compliance and risk management, including privacy, data protection, security controls, etc.
    • Experience in application risk management, Cloud Platform risk & controls, data encryption, and PCI compliance
    • 5+ years of experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, and PCI DSS