- Entry level
- No Education
- Salary to negotiate
- New York City
L'Oreal USA, Information Technology
Hudson Yards, New York City
The IT Security Senior Manager, Digital Risk is responsible for advising business lines regarding information security and for managing risks related to systems and processes used for the processing, storage, and transmission of information. You will work directly with the L’Oreal Americas Digital IT team and with business line leaders to evaluate new and existing digital initiatives and to inform and support collaborative risk decisions with business partners. This role requires strong business partnership to identify, analyze, and influence the management of Digital / Cyber risks across various projects and platforms, including emerging technologies.
You will be responsible for implementing and maintaining IT Security program to protect the company’s Digital assets, as well as managing information security compliance. It also requires monitoring and assessing Digital / Cyber risks utilizing security tools to proactively identify potential new threats and escalating as necessary.
The ideal candidate for this position is a proven thought leader, with business results and problem solving mindset, integrator of people and processes, as well as an effective internal consultant. The individual must also possess solid executive communication skills and domain competencies in a number of IT risk-related disciplines/areas; IT risk management, IT vendor risk assessment/management, cyber security, access controls, IT general controls, IT audit, cryptography, business continuity, data privacy and compliance.
Key Role Responsibilities
- Manages implementation of IT security and risk management framework/tools specific to digital and cloud environments.
- Performs risk assessments of existing or new services, technologies and vendors to ensure the protection of the organization’s information assets and our customer information
- Identify and oversee implementation of security controls and processes over existing and new applications in digital environment, including CRM, e-marketing sites, e-commerce sites and mobile applications.
- Communicates risk assessment findings to stakeholders and internal customers.
- Provides leadership and consultative advice to information security customers that enables them to make informed risk management decisions
- Identifies and implements appropriate controls to effectively manage information risks as needed
- Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards
- Identifies opportunities to improve risk posture, developing solutions for remediation or mitigating risks and assessing the residual risk
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
- Performs IT general controls assessment/evaluation, enterprise security controls assessments, and other IT security related reviews
- Monitors and assesses cyber risks utilizing security tools to proactively identify potential new threats and escalate to management as necessary
- Tracks remediation of audit issues noted in internal and external audit findings/reports
- Assist with PCI compliance as needed.
Candidate Evaluation Criteria
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
- Building enterprise IT risk management and governance and compliance programs
- Strong organization, prioritization, and rationalization skills
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviors
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- An understanding of organizational mission, values, and goals and consistent application of this knowledge
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- A working knowledge of the following areas of technical expertise: information policy formulation, cyber security management, IT risk assessment and management, business continuity management/disaster recovery, IT vulnerability management, and organizational change management, IT financial management and IT audit
- Thorough understanding of application security fundamentals and general security technologies.
- Strong commitment and belief in ongoing learning and development.
Typical Education and Experience:
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in
About the company
The L'Oréal Group is a French cosmetics and beauty company, headquartered in Clichy, Hauts-de-Seine. It is the world's largest cosmetics company, and has a registered office in Paris. It has developed activities in the field of cosmetics, concentrating on hair colour, skin care, sun protection, make-up, perfumes and hair care, the company is active in the dermatology, toxicology, tissue engineering, and biopharmaceutical research fields and is the top nanotechnology patent-holder in the United States.