L'Oreal - Manager - Information Systems Security (6-8 yrs)
The world leader in cosmetics, L'Oreal is present in 130 countries on five continents. Our 34 international brands have allowed us to devote ourselves solely to one business: beauty, with a mission to provide the best in cosmetics innovation to all women and men globally. Our ambition by 2020 is to win over another one billion consumers around the world by inventing the cosmetic products that meet the infinite diversity of their needs and desires through continued digital innovation. L'Oreal supports diversity and sustainable, ethical sourcing for all our products and we have reduced our emissions by approx. 50% since 2005.
The DNA of L'Oreal is Innovation and we are driven by a real passion for the future. Our Research and Innovation Centres in India are the sixth innovation hub for L'Oreal worldwide to fuel local market innovations. In our quest to win the next billion consumers, we are looking for talented individuals who can lead us on this mission.
Would you like to be a part of the adventure ?
- We have a suitable opportunity in the function of IT for the position of Information Systems Security Manager. This is an individual contributor responsible for all aspects of information security and technology risk management across L'Oreal India. (Divisions, Factories, R&I)
- You are someone who comes with a strong technical background, as well as the ability to work across the IT organization and the divisions to align information security priorities and controls with key business objectives.
- You come with 6-8 years of total work experience in IT with at-least 4 years in Information security management with relevant certifications. The location of the job will be in Mumbai.
Key Responsibilities :
- Lead the development and implementation of a comprehensive information security program
- Identification of information technology risks, communication and development of best practice solutions, and implementation of mitigating controls consistent with company strategy.
- Development, implementation and enforcement of information security governance including policies, standards and procedures in collaboration with HR and Legal.
- Development and execution of IT security education plans in partnership with internal communication to raise awareness around IT security risks and best practices.
- Ensure that all IT assets and services are secure, ranging from mobile devices, desktops, servers and applications to networks through the implementation of best-in-class security measures.
- Management of regulatory and compliance requirements ranging from leading IT efforts in litigations and investigations to L'Oreal Group policies and PCI/DSS compliance
- Act as the IT liaison to lead communications with internal and external auditors and ensure compliance.
- Development, execution and monitoring of disaster recovery plans for all critical IT assets throughout the organization
- Selection and management of external security management vendors and service providers to support security planning and implementation as organizational needs and resource levels required
- Ensure appropriate information security Incident Management and escalation.
- Support major and complex information security operations and technology projects that have tactical, operational and strategic impact to all business segments
- Maintain reliable, up-to-date information from across the industry regarding information security operations, to include actionable intelligence pertaining to new and existing threats and critical action plans, and incorporate those facts and findings into an operational response
- Ensure a healthy balance between real-world risks and the business need for speed, agility, flexibility and performance
- Ensure information security collaboration and compliance at the Zone and Group level
- Your experience and competency in the following areas will be advantageous for this role
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
- Ability to analyze information security technical issues within the context of their potential impact on the Corporation's business requirements and processes
- Solid experience in security related processes such as Risk Management, Vulnerability Management, Networking, Compliance and Auditing is ideal.
- System audits, compliance practices, SOPs, DR (disaster recovery), BCP (business continuity planning) and Risk Assessment / Mitigation
- Superior communication skills, to include both verbal and written mediums.
- Demonstrated project management skills and experience
- In-depth working knowledge of information security tools
- Professional development organizational involvement (e.g., ISC2 or ISACA)
Educational qualification :
- Bachelor's degree from an accredited college or university is required. A degree in Computer Science, Information Security/Data Systems Management or a related field or discipline is a necessity.
- Good exposure on ISMS (ISO/IEC 27001/2) is preferred
- Certified Information Systems Security Professional (CISSP) certification is preferred
- Mandatory to have either of the following certification: CISM (Certified Information Security Manager), SSCP (Systems Security Certified Practitioner)
(Any of the above certification is mandatory.)
Additional certifications (e.g., CRISC, PMP, ITIL Foundation, etc.)
Work Experience :
- Ranging between 6-8 years of combined experience in IT with at-least 4 years in Information security management.
- Working knowledge of tools such as IDS/IPS Tool, Cloudfare, Z-Scaler, CipherCloud, Centrify
- In-depth technical knowledge and experience in information technology, computing systems, network technologies, security operations, security technologies, systems integration, and the application of information security concepts
- Proven and effective leadership skills, as well as demonstrated proficiency in providing requisite oversight for information security operations and incident management
- Excellent interpersonal skills, as well as an ability to interface effectively with fellow employees, senior leadership of the Corporation, and external partners, clients and customers
- Ability to manage and operate IT Infrastructure Teams and Services
Applicants will be redirected to the careers page where they will have to register for their candidature to be considered.