IT Risk manager (H/F), Paris

Bei L’Oréal wissen wir: Echte Innovation und Kreativität entstehen aus Vielfalt. Deshalb fördern wir aktiv ein Arbeitsumfeld, das auf Chancengerechtigkeit, Vielfalt und Inklusion basiert. Wir schätzen die einzigartigen Perspektiven und Talente unserer Mitarbeitenden als Schlüssel zu unserem Erfolg. Diskriminierung oder Belästigung jeglicher Art, z.B. basierend auf Geschlecht, Hautfarbe, Religion, sexueller Orientierung, geschlechtlicher Identität, Alter, Herkunft, Behinderung, oder anderen geschützten Merkmalen, wird bei uns nicht toleriert. Vielfalt und Inklusion sind fest in unserer Unternehmenskultur verankert. Wenn du mehr darüber und über unsere Initiativen in diesem Bereich erfahren möchtest, schau gerne hier vorbei.

Misssions

• Review and improve Cybersecurity risk management framework
• Validate with Key stakeholders Risk level, Risk strategy and Risk Appetite
• Build a transversal line of service:
• To collect and manage new project demand.
• Do a first level of Risk assessment.
• To support local Security Manager.
• To follow and ensure coherence of Risk Analysis
• To manage exceptions.
• To put in place and support Risk Management solution.
• Engage and advise stakeholders
• Work closely with team in charge of Third Party Risk management
• Review and maintain IT Security in projects methodology
• Consolidate Risks
• Continuously evaluate communication security, data vulnerability, business continuity and compliance risks
• Identify vulnerabilities or weaknesses in systems
• Evaluate security policy, processes and procedures for completeness
• Ensure that controls are adequate to protect sensitive information systems
• Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
• Provide mitigation/ damage reduction proposals with cost justification
• Identify defensive steps to take, starting by the existing security standards already available within L’Oréal
• Participate to education of Security, IT & Business stakeholders to Risk Management

Profile

Education:

• Master’s degree in Information Technology

Professional experience:

• You have a successful first experience of 5 years in the cybersecurity field within a consultancy firm or a Fortune 500 company

Technical skills:

• Knowledge of cybersecurity frameworks (NIST, OWASP, …)
• Knowledge and experience in auditing, security reviews or compliance reviews
• Knowledge and experience in risk analysis
• Knowledge of web technologies (CMS, development frameworks, API, application security, …)
• Knowledge of public cloud services (Azure, AWS, Google Cloud)

Management skills:

• Ability to manage and / or influence people
• Ability to communicate complex ideas effectively, both verbally and in writing, in English and French with international stakeholders and with cybersecurity stakeholders within the Group

Interpersonal skills:

• Good relationship
• Ability to convince and drive change
• Ability to navigate within a fast-moving environment
• Strong analytical skills
• Fluency in English is essential