Position: Information Systems

Position type: Permanent

Employment type: Full-Time

Location: Berkeley Heights, NJ

Country: United States

L'Oreal USA, Information Technology

Berkeley Heights, NJ

IT Manager, Retail Security & Risk

Role description

  • The IT Security and Risk Manager is responsible for advising IT and business stakeholders on information security and for identifying, analyzing, and influencing the management of information risks related to enterprise and digital assets used across the organization and in customer-facing areas such as retail, social, e-marketing and e-commerce.
  • The ideal candidate for this position is a proven IT security/risk management expert with a deep understanding of enterprise IT risk management methods and techniques to drive successful outcomes, and must have hands-on experience in:
  • Designing and implementing IT security and risk management frameworks/tools for retail IT solutions such as Mars and SAP
  • Designing and implementing IT security and risk management frameworks/tools for e-commerce, e-marketing, social, and digital areas
  • Domain competencies in a number of IT-risk-related disciplines, including IT risk management, cybersecurity, IT audit, disaster recovery planning, business continuity management, privacy and compliance (PCI DSS, CCPA, GDPR)
  • Must possess solid executive communication skills and domain competencies in a number of IT-risk-related disciplines/areas: IT risk management, IT vendor risk assessment/management, cybersecurity, access controls, IT general controls, IT audit, cryptography, business continuity, data privacy and compliance.
  • A proven thought leader with a business-results and problem-solving mindset, an integrator of people and processes, and an effective internal consultant.

Role Responsibilities

The key responsibilities of the role are as follows:

  • Advises IT and business stakeholders on information security risks and identifies, analyzes, and influences the management of information risks related to enterprise and digital assets used across the organization and in customer-facing areas such as retail, social, e-marketing, e-commerce and B2B.
  • Provides leadership and works proactively with the various business units and other internal departments to implement best practices that meet L’Oreal Group defined policies and standards for information risk management.
  • Manages implementation of IT security and risk management frameworks/tools specific to retail B2C and B2B environments.
  • Performs risk assessments of existing or new services, technologies and vendors to ensure the protection of the organization’s information assets and customer information.
  • Identifies and oversees implementation of security controls and processes for existing and new applications in the retail environment, including point-of-sale and mobile applications.
  • Communicates risk assessment findings to stakeholders and internal customers.
  • Provides leadership and consultative advice to information security customers that enables them to make informed risk management decisions.
  • Identifies and implements appropriate controls to effectively manage information risks as needed.
  • Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards.
  • Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
  • Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
  • Performs IT general controls assessments/evaluations, enterprise security controls assessments, and other IT security related reviews.
  • Monitors and assesses cyber risks using security tools to proactively identify potential new threats and escalates to management as necessary.
  • Tracks remediation of issues noted in internal and external audit findings/reports.
  • Assists with PCI compliance efforts as needed.

Candidate Evaluation Criteria

Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:

  • A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
  • Building enterprise IT risk management and governance and compliance programs
  • Strong organization, prioritization, rationalization and analytics skills
  • An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
  • A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business
  • A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, structured and actionable manner
  • A working knowledge of the following areas of technical expertise: information policy formulation, cybersecurity management, IT risk assessment and management, business continuity management/disaster recovery, IT vulnerability management, organizational change management, IT financial management and IT audit
  • Thorough understanding of application security fundamentals and general security technologies.
  • Strong commitment and belief in ongoing learning and development.

Typical Education and Experience

  • BS in Computer Science, Information Security, Information Systems, or a related field; MBA preferred
  • 5+ years of professional experience in retail IT, IT security, compliance and risk management, vendor risk assessment/management, cybersecurity, cryptography, data privacy, data security/protection, security controls, business continuity management/disaster recovery, etc.
  • 5+ years of experience working with national and international regulatory compliance frameworks such as ISO 27000, COBIT, NIST, HIPAA, PCI DSS, etc.
  • Industry certifications desirable (e.g. CRISC, CISSP, CISM, CISA, PMP, etc.)
  • 3+ years of experience in cloud computing/platform security, risk and controls, cloud access and controls, and cloud data security/protection; expertise in AWS or Azure a plus
  • 3+ years of hands-on experience using GRC tools/technologies such as ServiceNow GRC or similar

We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.

If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email USApplicationAccommodation@support.lorealusa.com. Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.