Cybersecurity Risk Manager

We're not just building brands at L’Oreal, we're shaping how the world experiences beauty (and it takes a lot of cool jobs to do it).
Intrigued? Keep reading, this might be the opportunity you've been searching for.
**A Day in the Life**:
As a Cybersecurity Risk Manager, reporting to the North Asia & SAPMENA GRC Lead, you will be crucial in safeguarding L'Oréal's information assets and ensuring compliance with cybersecurity regulations. This role offers a unique opportunity to contribute to a global organization committed to innovation and excellence.
Payment Card Industry Data Security Standard (PCI DSS) program implementation
- Drive the implementation and maintenance of PCI DSS compliance end-to-end.
- Develop and maintain documentation related to PCI DSS controls, policies and procedures.
- Collaborate cross-functions to ensure alignment on PCI DSS compliance efforts.
- Manage and track remediation efforts for any identified gaps or vulnerabilities.
- Develop and implement risk mitigation strategies to address identified risks.
- Provide training and awareness programs to employees on PCI DSS requirements and their responsibilities.
- Monitor and report on PCI DSS compliance status to the relevant stakeholders and management.

Security Awareness
- Drive and support the development, implementation, and continuous improvement of the security awareness program.
- Conceptualise and prepare for execution of security awareness program e.g. awareness events, seminars, webinars, etc
- Collaborate with cross-functional teams to promote cybersecurity awareness and best practices.

**Risk Assessment and Management**:

- Identify and assess cybersecurity risks across the organization.
- Develop and implement risk mitigation strategies and controls.
- Monitor and report on the effectiveness of risk management efforts including establishing key risk indicators (KRI) and key control indicators (KCI) for tracking.
- Maintain a risk register to reflect the organisation’s cybersecurity risk profile
- Track the progress of risk remediation and ensure timely completion.
- Incorporate threat intelligence and vulnerability scanning data into risk assessments

**Compliance and Governance**:

- Work with various stakeholders to ensure compliance with relevant cybersecurity regulations and standards.
- Maintain cybersecurity policies, procedures, and guidelines.

**Key Responsibilities**:

- Enhance Cybersecurity Risk Management: Develop, implement, and continuously improve cybersecurity risk management strategies and frameworks.
- Ensure Security Integration and Compliance: Integrate security considerations into projects, ensure compliance with regulations, and enhance cybersecurity controls.
- Drive Governance and Awareness: Develop and implement cybersecurity policies, awareness programs, and communication strategies, while identifying and controlling shadow IT.
- Provide guidance and support on cybersecurity matters to stakeholders across organization to facilitate and promote the understanding of cybersecurity requirements.

**We Are Looking For**:

- Bachelor's degree in Information Systems or a related field.
- Experience in working with PCI DSS program
- Experience in cybersecurity risk management.
- Knowledge of industry standards and regulatory requirements, especially PCI DSS (e.g. NIST, ISO 27001, GDPR)
- Strong communication and stakeholder management skills
- Excellent critical thinking and problem-solving skills.
- Strong understanding of cybersecurity threats, vulnerabilities, and risks.
- Good knowledge of cybersecurity techniques and technologies.
- Relevant certifications (e.g. CISSP, CISM, CRISC) are highly desirable.

What’s In It for You
- A place to leave your comfort zone and grow beyond your potential (here, you’ll be encouraged to try new things and take risks)
- Real responsibility from day 1; there’s no sitting on the sidelines at L’Oréal.
- A place where you can contribute to something bigger Many of our brands have societal /environmental causes to make a concrete difference.

Who We Are
L’Oréal is present in 150 markets on five continents. For more than a century, L’Oréal has devoted itself solely to ‘Creating beauty that moves the world’; it is now the industry leader with €42 billion in consolidated sales. Together, we solve complex challenges at scale while staying committed to making the world a more inclusive and better place for everyone and our planet.
Today, L’Oréal includes over 9k experts in beauty tech, digital, data and e-commerce and is constantly growing. Championing Beauty Tech, we invent the beauty of the future while becoming the company of the future.
To achieve this ambition, L’Oréal continues recruiting diverse, innovative, skilled, and passionate minds in tech domains such as Data, Digital, Cloud, Cyber Security, IT Architecture, DevOps, Applications, and Infrastructure.