Job description


  • Entry level
  • No Education
  • Salary to negotiate
  • Berkeley Heights


L'Oreal USA, Information Technology

Berkeley Heights, NJ 

Role description

The Governance & Compliance Manager is responsible for advising IT and business stakeholders on information security best practices and controls, compliance with applicable regulations, guidance related to information security governance, security training and awareness, policy management, information security metrics, and data protection.

The ideal candidate for this position is a proven Governance and Compliance expert with deep understanding of methods and techniques to drive successful outcomes and the ability to work with all levels up and down the organizational structure.

Role Responsibilities

The key responsibilities of the role are as follows:

- Manage internal and external deliverables to ensure continued compliance with PCI-DSS requirements.
- Ensure compliance with industry, regulatory and L’Oreal Group defined policies and standards.
- Identify, evaluate, and assist with the implementation of information governance solutions to provide systemic monitoring of the Information Governance program.
- Promote training, awareness and best practices within the enterprise with regard to needed processes and procedures to maintain a secure operating model.
- Participate in planning, scheduling and preliminary analysis for all internal and external audit projects.
- Coordinate audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach and deliverables.
- Manage day-to-day activities, including policies, procedures, training and communication regarding the Information Governance Program.
- In conjunction with Group Legal and Group Compliance, identify information management and protection laws and regulations, and implement actions to ensure compliance.
- Establish agreement and lead documentation efforts for process improvements related to security and compliance management.
- Perform IT Governance Maturity Assessments for the respective IT Functional Areas.

Candidate Evaluation Criteria

Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:

- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
- Building enterprise governance and compliance programs.
- Strong organization, prioritization, rationalization and analytics skills
- An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
- A well-developed understanding of and appreciation for business needs
- A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An ability to effectively influence others to modify their opinions, plans, or behaviors.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, structured and actionable manner.
- Understanding of information security fundamentals and general security technologies.

Typical Education and Experience

- BS or higher degree in Computer science, Information Security, or equivalent experience
- 5+ years of professional experience in IT security, compliance and risk management, including privacy, data protection, security controls, etc.
- Industry-standard Information Security certifications such as CISSP, CISM, etc.
- Six-Sigma Certification is a plus
- Prior experience working with regulatory requirements and standards (PCI-DSS, GDPR, HIPAA, CCPA etc.) and frameworks (ISO2700x, NIST, OWASP, etc.)
- Demonstrated experience in identifying, assessing, and mitigating regulatory and compliance risk
- Technical understanding of cloud infrastructure, networking, access controls, and change management.
- Experience with ISO 27000, NIST, CIS and other information security frameworks
- Hands-on experience using GRC tools/technologies such as ServiceNow GRC or similar GRC tools/technologies.
- Familiarity with Incident Response processes and procedures.
- Superior organization skills with the ability to quickly adapt to change
- Basic experience with server operating systems including Microsoft Windows, Red Hat Enterprise Linux, etc.
- Understanding of Database Systems including MS SQL, MySQL, Oracle, etc.
- Understanding of Security Best Practices
- Understanding of Networking Concepts
- Experience developing dashboards and views in PowerBI a plus
- Strong project management skills with experience managing enterpris

About the company

The L'Oréal Group is a French cosmetics and beauty company, headquartered in Clichy, Hauts-de-Seine. It is the world's largest cosmetics company, and has a registered office in Paris. It has developed activities in the field of cosmetics, concentrating on hair colour, skin care, sun protection, make-up, perfumes and hair care. The company is active in the dermatology, toxicology, tissue engineering, and biopharmaceutical research fields and is the top nanotechnology patent-holder in the United States.
