L'Oreal IT Security Retail Manager

  • Berkeley Heights (Union)
  • Bachelor's Degree
  • Sales

Job description

L'Oreal USA, Information Technology

Berkeley Heights, NJ

IT Manager, Retail Security & Risk

Role description  

·  The IT Security and Risk Manager is responsible for advising IT and business stakeholders on information security and for identifying, analyzing, and influencing the management of information risks related to enterprise and digital assets used across the organization and customer facing in the areas of retail, social, e-marketing, e-commerce, etc. 
·  The ideal candidate for this position is a proven IT Security/Risk management expert with deep understanding of enterprise IT risk management methods and techniques to drive successful outcomes, and must have hands-on experience in:
·  Designing and implementing IT security and risk management framework/tools for retail IT solutions, retail solutions such as Mars and SAP
·  Designing and implementing IT security and risk management framework/tools for e-commerce, e-marketing, social, and digital areas
·  Domain competencies in a number of IT-risk-related disciplines, including IT risk management, Cyber security, IT audit, disaster recovery planning, business continuity management, privacy and compliance (PCI DSS, CCPA, GDPR)

·  Must possess solid executive communication skills and domain competencies in a number of IT-risk-related disciplines/areas; IT risk management, IT vendor risk assessment/management, cybersecurity, access controls, IT general controls, IT audit, cryptography, business continuity, data privacy and compliance.
·  A proven thought leader, with business results and problem solving mindset, integrator of people and processes, as well as an effective internal consultant.

Role Responsibilities

The key responsibilities of the role are as follows:

·  Responsible for advising IT and business stakeholders on information security risks and for identifying, analyzing, and influencing the management of information risks related to enterprise and digital assets used across the organization and customer facing in the areas of retail, social, e-marketing, e-commerce, B2B. 
·  Provide leadership and work proactively with the various business units and other internal departments to implement best practices that meet L’Oreal Group defined policies and standards for information risk management.
·  Manages implementation of IT security and risk management framework/tools specific to Retail B2C and B2B environments.
·  Performs risk assessments of existing or new services, technologies and vendors to ensure the protection of the organization’s information assets and our customer information
·  Identify and oversee implementation of security controls and processes over existing and new applications in retail environment, including point of sale and mobile applications.
·  Communicates risk assessment findings to stakeholders and internal customers.
·  Provides leadership and consultative advice to information security customers that enables them to make informed risk management decisions
·  Identifies and implements appropriate controls to effectively manage information risks as needed
·  Ensures compliance with industry, regulatory and L’Oreal Group defined policies and standards
·  Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
·  Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
·  Performs IT general controls assessment/evaluation, enterprise security controls assessments, and other IT security related reviews
·  Monitors and assesses cyber risks utilizing security tools to proactively identify potential new threats and escalate to management as necessary
·  Tracks remediation of audit issues noted in internal and external audit findings/reports
·  Assist with PCI compliance efforts as needed.

Candidate Evaluation Criteria

Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:

·  A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
·  Building enterprise IT risk management and governance and compliance programs
·  Strong organization, prioritization, rationalization and analytics skills
·  An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
·  A well-developed understanding of and appreciation for business needs and a commitment to leading the information risk management team in delivering high-quality, prompt, and efficient service to the business
·  A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge
·  Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
·  An ability to effectively influence others to modify their opinions, plans, or behaviors
·  An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, structured and actionable manner
·  A working knowledge of the following areas of technical expertise: information policy formulation, cyber security management, IT risk assessment and management, business continuity management/disaster recovery, IT vulnerability management, and organizational change management, IT financial management and IT audit
·  Thorough understanding of application security fundamentals and general security technologies.
·  Strong commitment and belief in ongoing learning and development.

 

Typical Education and Experience

·  BS in Computer Science, Information Security, Information Systems, or a related field. MBA is preferred
·  5+ years of professional experience in Retail IT, IT security, compliance and risk management, vendor risk assessment/management, cyber security, cryptography, data privacy, data security/protection, security controls, business continuity management/disaster recovery, etc.
·  5+ years of experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, PCI DSS, etc. 
·  Industry certifications desirable (e.g. CRISC, CISSP, CISM, CISA, PMP, etc.).
·  3+ years of experience in Cloud Computing/Platform security/risk & controls, Cloud access & controls, Cloud data security/protection. Expertise in AWS or Azure a plus.
·  3+ years of hands-on experience using GRC tools/technologies such as ServiceNow GRC or similar GRC tools/technologies.

 
We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.

If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email . Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.
Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.
