
L'Oreal USA, IT Digital Risk Manager

Country : USA

State : New York

Town : New York

Category : IT - Web

Contract type : Permanent

Availability : Full time

Job description

Location: Berkeley Heights, New Jersey - approx. 20%

The IT Risk Senior Manager is responsible for advising business lines regarding information security and for managing risks related to systems and processes used for the processing, storage, and transmission of information. The IT Risk Senior Manager will work directly with the L'Oreal Americas Digital IT team and with business line leaders to evaluate new and existing digital initiatives and to inform and support collaborative risk decisions with business partners. This role requires strong business partnership to identify, analyze, and influence the management of Digital/Cyber risks across various projects and platforms, including emerging technologies.

The IT Risk Senior Manager is also responsible for implementing and maintaining the IT Security program to protect the company's Digital assets, as well as managing information security compliance. The role also requires monitoring and assessing Digital/Cyber risks utilizing security tools to proactively identify potential new threats and escalating as necessary.

The ideal candidate for this position is a proven thought leader with a business-results and problem-solving mindset, an integrator of people and processes, and an effective internal consultant. The individual must also possess solid executive communication skills and domain competencies in a number of IT-risk-related disciplines/areas: IT risk management, IT vendor risk assessment/management, cybersecurity, access controls, IT general controls, IT audit, cryptography, business continuity, data privacy and compliance.

Key Role Responsibilities
- Manages implementation of IT security and risk management framework/tools specific to digital, eCommerce, eMarketing and cloud environments.
- Performs risk assessments of existing or new services, technologies and vendors to ensure the protection of the organization's information assets and our customer information
- Identifies and oversees implementation of security controls and processes over existing and new applications in digital environment, including CRM, e-marketing sites, e-commerce sites and mobile applications.
- Communicates risk assessment findings to stakeholders and internal customers.
- Provides leadership and consultative advice to information security customers that enables them to make informed risk management decisions
- Identifies and implements appropriate controls to effectively manage information risks as needed
- Ensures compliance with industry, regulatory and L'Oreal Group defined policies and standards
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
- Performs IT general controls assessment/evaluation, enterprise security controls assessments, and other IT security related reviews
- Monitors and assesses cyber risks utilizing security tools to proactively identify potential new threats and escalate to management as necessary
- Tracks remediation of audit issues noted in internal and external audit findings/reports
- Assists with PCI compliance as needed.

Candidate Evaluation Criteria
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
- Building enterprise IT risk management and governance and compliance programs
- Strong organization, prioritization, and rationalization skills
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- An ability to effectively influence others to modify their opinions, plans, or behaviors
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- An understanding of organizational mission, values, and goals and consistent application of this knowledge
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- A working knowledge of the following areas of technical expertise: information policy formulation, cyber security management, IT risk assessment and management, business continuity management/disaster recovery, IT vulnerability management, organizational change management, IT financial management, and IT audit
- Thorough understanding of application security fundamentals and general security technologies.
- Strong commitment and belief in ongoing learning and development.

Typical Education and Experience:

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:
- BS in Computer Science, Information Security, Information Systems, or a related field. MBA is preferred
- 5+ years of professional experience in IT security, digital / eCommerce / eMarketing security, compliance and risk management, vendor risk assessment/management, cyber security, cryptography, data privacy, data security/protection, security controls, business continuity management/disaster recovery, etc.
- 5+ years of experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, PCI DSS, etc.
- Industry certifications desirable (e.g. CRISC, CISSP, CISM, CISA, PMP, etc.).
- 3+ years of experience in the Cloud Computing/Platform security/risk & controls, Cloud access & controls, Cloud data security/protection. Expertise in AWS or Azure a plus.
- 3+ years of hands-on experience using GRC tools/technologies such as ServiceNow GRC or similar GRC tools/technologies.

If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email USApplicationAccommodation@support.lorealusa.com. Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.