Field of activity: Information Systems
Position type: Fix Term
Employment type: Full - Time
Location: Shanghai
Role and Responsibilities
The IT Risk Manager is responsible for identifying, assessing, evaluating and monitoring the IT risks of L’Oréal APAC, with a scope covering the Asia Pacific markets.
Support multiple teams, including IT infrastructure, IT retail and the application owners (e.g. SAP, Boost, CRM, MARS etc.), to enable a risk-based environment for L’Oréal.
This role will work closely with a wide range of audiences, which includes APAC CISO, APAC CTO, APAC IT Retail Head and critical applications/systems owners.
The major directive of this position is to identify and report information technology risks to the senior management team where necessary and to track each risk until closure.
Enable a risk-enabled environment, develop a risk awareness program and conduct training to ensure that all stakeholders understand the risk and contribute to the risk management process, and promote a risk-aware culture
Identification of information technology risks, communication and development of “best practice” solutions, and implementation of mitigating controls that are consistent with company strategy
Development, implementation and enforcement of information security governance including policies, standards and procedures in collaboration with all relevant teams where necessary
Ensure that IT assets have been identified and protected in accordance with L’Oréal security policies and processes
Development, execution and monitoring of disaster recovery plans for all critical IT applications throughout the region
Coordinate risk remediation from the cybersecurity team with the owners of these critical applications
Selection and management of external security management vendors and service providers to support security planning and implementation as organizational needs and resource levels require
Support the IT infra and IT retail teams with security assessment/evaluation of non-L’Oréal standard solutions
Create and maintain a risk register to ensure that all identified risk factors are accounted for, and establish the benchmark as well as the information technology risk reporting dashboard to highlight the risk profiles for the zone and the countries
Assist with providing subject matter expertise within the information technology operational risk management framework and the vendor risk assessment framework
Validate the risk appetite and risk tolerance level with senior leadership and key stakeholders to ensure alignment
Responsible for various risk management projects as assigned by zone and/or global, e.g. IT GRC