Cargo: Information Systems

Tipo de posição: Permanent

Tipo de emprego: Full - Time

Local: Paris

País: France

The Cybersecurity team defines the L’Oréal cybersecurity strategy in alignment with the business strategy. The strategy is sustained by the Cybersecurity Policy defining the organization, the framework, the rules, the standards and procedures in all domains.

L’Oréal has launched an important IT Transformation project including foundations improvement, and the creation of new lines services. Cybersecurity is part of this transformation. It must be an active partner of IT to help and enable the transformation.

For its cybersecurity, L’Oréal has adopted a risk-driven approach. Hence, the cybersecurity department wants to strengthen its Risk Management capabilities by creating a Risk Management Service line for which we are looking for a Manager.

The Manager of the Risk Management service line supports the Risk identification, analysis and management process across all aspects of Information Technology for business. Responsibilities include assessing the current adequacy of the security strategy, business continuity /disaster recovery plans, threats to the systems, and then calculating the impact of potential adverse events.



  • Review and improve Cybersecurity risk management framework

  • Validate with Key stakeholders Risk level, Risk strategy and Risk Appetite

  • Build a transversal line of service:

  • To collect and manage new project demand.

  • Do a first level of Risk assessment.

  • To support local Security Manager.

  • To follow and ensure coherence of Risk Analysis

  • To manage exceptions.

  • To put in place and support Risk Management solution.

  • Engage and advise stakeholders

  • Work closely with team in charge of Third Party Risk management

  • Review and maintain IT Security in projects methodology

  • Consolidate Risks

  • Continuously evaluate communication security, data vulnerability, business continuity and compliance risks

  • Identify vulnerabilities or weaknesses in systems

  • Evaluate security policy, processes and procedures for completeness

  • Ensure that controls are adequate to protect sensitive information systems

  • Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk

  • Provide mitigation/ damage reduction proposals with cost justification

  • Identify defensive steps to take, starting by the existing security standards already available within L’Oréal

  • Participate to education of Security, IT & Business stakeholders to Risk Management




  • Master’s degree in Information Technology


Professional experience:

  • You have a successful first experience of 5 years in the cybersecurity field within a consultancy firm or a Fortune 500 company


Technical skills:

  • Knowledge of cybersecurity frameworks (NIST, OWASP, …)

  • Knowledge and experience in auditing, security reviews or compliance reviews

  • Knowledge and experience in risk analysis

  • Knowledge of web technologies (CMS, development frameworks, API, application security, …)

  • Knowledge of public cloud services (Azure, AWS, Google Cloud)


Management skills:

  • Ability to manage and / or influence people

  • Ability to communicate complex ideas effectively, both verbally and in writing, in English and French with international stakeholders and with cybersecurity stakeholders within the Group


Interpersonal skills:

  • Good relationship

  • Ability to convince and drive change

  • Ability to navigate within a fast-moving environment

  • Strong analytical skills

  • Fluency in English is essential