Cybersecurity Risk Management

September 17, 2024

The Estée Lauder Companies

București

About Estée Lauder Companies
The Estée Lauder Companies is the global leader in prestige beauty — delighting consumers with transformative products and experiences, inspiring them to express their individual beauty. We are the only company focused solely on prestige makeup, skincare, fragrance, and hair care with a diverse portfolio of 25+ brands sold in approximately 150 countries and territories. Infused throughout our organization is a passion for creativity and imagination — a desire to push the boundaries and invent the unexpected — as we continue the bold work of our founder Estée Lauder.

Who We Are
Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world’s most prestigious beauty, skincare, and luxury fragrance brands? Then join our Risk Management team in Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). Our Risk Management team is responsible for identifying, assessing, and mitigating potential threats to the enterprise. This dynamic group actively shapes strategies, collaborates across functions, and fortifies the organization against evolving risks.
What You’ll Do
As the Lead, Cybersecurity Risk Management within ECR’s Risk and Solutions team, you will be crucial in driving innovation and helping the organization stay at the cutting edge of technical and resolution-focused risk management. Our risk management function relies more on technical solutions and risk mitigation than most programs, to modernize risk management and create more impact by the function.
You will work to minimize overall security risk by identifying risks, monitoring requests through approval workflows, providing risk scoring, and presenting data to give a holistic view of the risk associated with risks identified at the company.
You will provide risk review escalation and support as well as drive the overall education awareness regarding security approvals and users aligning to ECR documented policy procedures and IT standards and requirements. As we review, triage, and manage the escalation of risks at the company, this team provides a level of risk review scrutiny, a thorough review of business justifications, and documented evidence to support the granting of a decision and focus on mitigation rather than exemption.
This position will partner with ECR key stakeholders and various IT users to ensure that all technology systems, applications, infrastructure, and data are compliant with all applicable regulations, including internal and external auditing, Sarbanes-Oxley (SOX) regulations, privacy regulations, payment card industry (PCI) requirements, Data Integrity & Gx P compliance, CCPA (and others), the General Data Protection Regulations (GDPR) as applicable, and quality controls.
Therefore, you must have strong technical and business acumen, be able to manage disagreements, set priorities independently, and work effectively and efficiently to manage the expectations of our stakeholders.
You will be responsible for:

Partner with ECR team members, IT stakeholders, and business owners to bring down the risk of technology to the company by identifying and evaluating technology and cyber risks as they are identified
Responsible for reviewing risks through triage and evaluative score risk level and severity with a focus on defining a potential path for remediation
Collaborate to define appropriate solutions to mitigate or remediate the risk by partnering with key stakeholders in ECR, IT, and the business, which will require consensus building and managing disagreements
Enable balanced risk decisions by providing recommendations to leadership, escalating based on severity and risk level to ensure appropriate cyber protection capabilities and resiliency are built into the plans.
Maintain basic project management documentation tracking project tasks, status, ownership, issue closure, and timelines.
Lead project meetings and drive efforts while working closely with the SMEs and program team.
Coordinate and manage cross-functional project teams to track overall remediation status while coordinating with applicable team and Program Managers.
Prepare and provide reporting and dashboard status(s) on a scheduled basis.
Perform required analysis and actions related to the Risk Management program as required.
Develops and delivers risk reports to the leadership of the region of responsibility, including vulnerabilities and threats
Partners with the appropriate ECR leadership in data reporting to drive remediation of vulnerabilities oversight, ensuring appropriate risk escalation and reporting

Qualifications
Requirements:

BS in Cybersecurity, Computer Science, Computer Engineering, Systems Engineering, Engineering, or related IT discipline (or equivalent experience).
3-5+ years of relevant industry or risk management experience and/ or accreditation.
Information Security domain expertise, including familiarity with and/ or experience leading.
Identify and integrate Risk and compliance requirements (e.g., SOX, PCI, GDPR).
Ensure Policies, Standards, and Procedures are understood and adhered to.
Vendor Risk Management exposure is a plus.
Ability to effectively communicate with ECR/ IT leadership and end users.
Strong understanding of process management and respective industry best practices.
Prior IT and Operational Risk, Audit, or finance/controllership operational experience preferred.

Technical Proficiency:

Cybersecurity Knowledge: Cybersecurity skills include exposure to multiple cybersecurity domains e.g. cybersecurity architecture, engineering, operations, IDAM.
Expertise in cybersecurity attacks and controls and how one works against the other. Experience with industry cybersecurity best practices and domains, with a constant willingness to learn more.
IT proficiency including understanding of networks, application development, and infrastructure. Basic SDLC knowledge to include engineering and deployment plans and review boards.
Experience with e GRC tools and the Integrated Risk Modules within.
Problem-Solving and Proactivity: Ability to identify opportunities for improvement and assist in the implementation of solutions. Initiative and autonomy in supporting ECR’s strategic and operational goals.
Collaborative Mindset: Strong teamwork and community-building skills with the ability to collaborate effectively with cross-functional teams and stakeholders at various levels of seniority.
Administrative skill: Exposure to foundational data analytics. Basic Excel skills. Basic Power Point.
Communication Skills: Ability to communicate effectively with both technical and non-technical stakeholders.
Adaptability and Flexibility: Ability to work in a dynamic environment and adapt to changing priorities.
Attention to Detail: Strong organizational skills and attention to detail in data analysis and reporting.

Job: Information Technology
Primary Location: RO-B-Bucharest
Job Type: Standard
Schedule: Full-time
Shift: 1st (Day) Shift
Job Number: 2412451

We regret to inform you that this job opportunity is no longer available