IT Digital Security Lead
Hudson Yards, New York, NY
L'Oreal plans to return to the office in a hybrid model of three days in office and two days remote a week. Fully remote employees can't be considered for this role at this time. The IT digital security senior manager will be splitting time between Hudson Yards in midtown Manhattan and Berkeley Heights, New Jersey.
The IT Security Senior Manager is responsible for managing implementation of IT security & cyber risk management framework/technologies/tools specific to digital, eCommerce, eMarketing and cloud environments (AWS, Azure, GCP). Advising business lines regarding information security cyber risks related to systems and processes used for the processing, storage, and transmission of our customers personal information/data and L’Oreal sensitive information assets. The IT Security Senior Manager will work directly with the L’Oreal Digital IT, Legal, Sourcing, HR, etc. and with business line leaders to evaluate new, innovative, and existing digital initiatives/technologies and to inform and support collaborative cyber risk decisions with business partners. This role requires building and sustaining strong business partnership to identify, analyze, and influence the management of digital/cyber risks across various projects and platforms, including emerging & innovative technologies.
The IT Security Senior Manager is also responsible for implementing and maintaining IT Security program to protect the company’s Digital assets, as well as managing information security compliance with the L'Oréal's global cybersecurity framework. It also requires monitoring and assessing digital/cyber risks utilizing security tools to proactively identify potential new threats, implementing mitigating controls and escalating as necessary.
- The ideal candidate for this position is a proven thought leader, cyber security expert with business results and problem- solving mindset, integrator of people, processes, technologies as well as an effective project manage/facilitator. The individual must also possess solid executive communication skills and domain competencies in IT security, digital/eCommerce/eMarketing security, cloud environment security, compliance and risk management, vendor risk assessment/management, cybersecurity, cryptography, data privacy, data security/protection, cybersecurity controls, business continuity management, audit management, etc.
Key Role Responsibilities
- Manages implementation of IT security and risk management framework/tools specific to digital, ecommerce, eMarketing and cloud environments (AWS, Azure, GCP).
- Performs risk assessments and evaluate new technologies/innovative solutions, new vendors, and new services to ensure the security & protection of the L'Oréal's digital & information assets, our customer’s personal information/data.
- Identify and oversee implementation of cybersecurity controls & processes over existing and new applications in the digital and cloud environments (AWS, Azure, GCP), including CRM, e-commerce websites, e-marketing websites, and mobile applications.
- Communicates risk assessment findings to stakeholders, internal customers, 3rd party vendors, business partners, recommend and implement cybersecurity controls.
- Provides leadership and consultative advice to digital IT, internal customers (legal, sourcing, divisions, brands) that enables them to make informed risk management decisions.
- Identifies and implements appropriate controls to effectively manage information risks as needed.
- Ensures compliance with industry, regulatory and L’Oreal Group defined policies, procedures, and standards
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
- Performs IT general controls assessment/evaluation, enterprise cybersecurity controls assessments, and other IT security related reviews.
- Monitors and assesses cyber risks utilizing security tools to proactively identify potential and new threats and escalate to management as necessary
- Tracks remediation of audit issues noted in internal and external audit findings/reports
- Assist with PCI compliance as needed.
Candidate Evaluation Criteria
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
- Building enterprise IT risk management, governance, and compliance programs.
- Strong expertise & experience in IT security, digital / eCommerce / eMarketing security, cloud environment security, compliance and risk management, vendor risk assessment/management, cybersecurity, cryptography, data privacy, data security/protection, cybersecurity controls, business continuity management, audit management.
- Thorough knowledge & understanding of cyber risks mitigation technologies/tool for digital / eCommerce / eMarketing security, cloud environment (AWS, Azure, GCP) security.
- Strong organization, project management, prioritization, and rationalization skills
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option.
- An ability to effectively influence others to modify their opinions, plans, or behaviors related to cyber risk.
- An ability to effectively manage competing priorities.
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- An understanding of organizational mission, values, and goals and consistent application of this knowledge.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner.
- A working knowledge of the following areas of technical expertise: information policy formulation, cybersecurity management, IT risk assessment and management, business continuity management, audit management, etc., IT vulnerability management, and organizational change management, IT financial management and IT audit
- A working knowledge of application security fundamentals and general security technologies.
- Strong commitment and belief in ongoing learning and development.
Typical Education and Experience:
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
- BS in Computer Science, Information Security, Information Systems, or a related field. Masters in these areas is preferred.
- 5+ years of professional experience in IT security, digital / eCommerce / eMarketing security, cloud environment security, compliance and risk management, vendor risk assessment/management, cybersecurity, cryptography, data privacy, data security/protection, cybersecurity controls, business continuity management, audit management etc.
- 3+ years of experience in the Cloud Computing/Platform security/risk & controls, Cloud access & controls, Cloud data security/protection. Expertise in securing AWS/Azure/GCP cloud environments.
- 5+ years of experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, PCI DSS, etc.
- 3+ years of hands-on experience using GRC tools/technologies such as ServiceNow GRC or similar GRC tools/technologies.
- Industry certifications such as CRISC, CISSP, CISM, CISA, PMP, are highly desirable.
We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status. If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email [email protected]. Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.