Role: Information Systems

Position type: Permanent

Employment type: Full-Time

Location: Paris

Country: France

Vendors CyberSecurity Manager (H/F)

Reporting directly to the Group CIO, the Cybersecurity team defines the L’Oréal cybersecurity strategy in alignment with the business strategy. The strategy is sustained by the Cybersecurity Policy, which defines the organization, the framework, the rules, the standards and the procedures in all domains.

Like many other companies, L’Oréal is progressively moving towards what is called the “extended enterprise”, meaning that important parts of its information systems are open to external companies or managed by external partners.

From a cybersecurity standpoint, L’Oréal must ensure that security remains at the required level and that it is consistent across the extended enterprise.

To reach this objective, the cybersecurity department wants to strengthen how cybersecurity is managed with the providers and partners of L’Oréal.


The goal of the Vendor Security Manager is to assure L’Oréal that its vendors enforce the right security controls, commensurate with the risks.

The Vendor Security Manager will work closely with the Vendor Management Department and the Legal Department. He/she will define relevant criteria to establish different vendor categories, each requiring an appropriate approach.

The main missions of the Vendors Security Manager are:

  • Defining and maintaining security categories
  • Defining the relevant strategy for each category
  • Defining the methods, KPIs, contractual clauses
  • Operating the process according to this definition
  • Following up on security incidents



Master’s degree in Information Technology or Operational Risk

Professional experience:

You have a successful first experience of 5 years in the cybersecurity field within a consultancy firm or a Fortune 500 company

Technical skills:

  • Knowledge of cybersecurity frameworks (NIST, OWASP, …)
  • Knowledge and experience in auditing, security reviews or compliance reviews
  • Knowledge of web technologies (CMS, development frameworks, API, application security, …)
  • Experience in risk analysis
  • Knowledge of public cloud services (Azure, AWS, Google Cloud)

Management skills:

  • Ability to build and manage a team
  • Ability to manage consultancy teams (i.e. penetration testing)
  • Ability to manage MSSPs
  • Ability to communicate complex ideas effectively, both verbally and in writing, in English and French with international stakeholders and with cybersecurity stakeholders within the Group

Interpersonal skills:

  • Good relationship skills
  • Ability to convince and drive change
  • Ability to navigate within a fast-moving environment
  • Strong analytical skills
  • Fluency in English is essential

Position based in Clichy (92), with regular meetings within the Paris area and occasional business trips abroad (1 to 5 days)