The IT Security Lead is responsible for managing implementation of IT security & cyber risk management framework/technologies/tools specific to digital, ecommerce, emarketing and cloud environments (AWS, Azure, GCP). Advising business lines regarding information security cyber risks related to systems and processes used for the processing, storage, and transmission of our customers personal information/data and L’Oreal sensitive information assets. The IT Security Lead will work directly with the L’Oreal Digital IT, Legal, Sourcing, HR, etc. and with business line leaders to evaluate new, innovative, and existing digital initiatives/technologies and to inform and support collaborative cyber risk decisions with business partners. This role requires building and sustaining strong business partnership to identify, analyze, and influence the management of digital/cyber risks across various projects and platforms, including emerging & innovative technologies.
- Manages implementation of IT security and risk management framework/tools specific to digital, ecommerce, emarketing and cloud environments (AWS, Azure, GCP).
- Performs risk assessments and evaluate new technologies/innovative solutions, new vendors, and new services to ensure the security & protection of the L’Oreal’s digital & information assets, our customer’s personal information/data.
- Identify and oversee implementation of cybersecurity controls & processes over existing and new applications in the digital and cloud environments (AWS, Azure, GCP), including CRM, e-commerce websites, e-marketing websites, and mobile applications.
- Communicates risk assessment findings to stakeholders, internal customers, 3 rd party vendors, business partners, recommend and implement cybersecurity controls.
- Assist with PCI compliance as needed.
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
- Performs IT general controls assessment/evaluation, enterprise cybersecurity controls assessments, and other IT security related reviews.
- Monitors and assesses cyber risks utilizing security tools to proactively identify potential and new threats and escalate to management as necessary
- Tracks remediation of audit issues noted in internal and external audit findings/reports
- Provides leadership and consultative advice to digital IT, internal customers (legal, sourcing, divisions, brands) that enables them to make informed risk management decisions.
- Identifies and implements appropriate controls to effectively manage information risks as needed.
- Ensures compliance with industry, regulatory and L’Oreal Group defined policies, procedures, and standards
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
- Strong organization, project management, prioritization, and rationalization skills
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate option.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner.
- BS in Computer Science, Information Security, Information Systems, or a related field. Masters in these areas is preferred.
- 5+ years of professional experience in IT security, digital/ecommerce/emarketing security, cloud environment security, compliance and risk management, vendor risk assessment/management, cybersecurity, cryptography, data privacy, data security/protection, cybersecurity controls, business continuity management, audit management etc.
- 3+ years of experience in the Cloud Computing/Platform security/risk & controls, Cloud access & controls, Cloud data security/protection.
- Expertise in securing AWS/Azure/GCP cloud environments.
- Strong expertise & experience in IT security, digital/ecommerce/emarketing security, cloud environment security, compliance and risk management, vendor risk assessment/management, cybersecurity, cryptography, data privacy, data security/protection, cybersecurity controls, business continuity management, audit management.
- Thorough knowledge & understanding of cyber risks mitigation technologies/tool for digital/ecommerce/emarketing security, cloud environment (AWS, Azure, GCP) security.
- An ability to effectively influence others to modify their opinions, plans, or behaviors related to cyber risk.
- An ability to effectively manage competing priorities.
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- An understanding of organizational mission, values, and goals and consistent application of this knowledge.
Vacancy Type: Full Time
Job Location: Berkeley Heights, NJ, US
Application Deadline: N/A