Job Description

Reporting directly to Chief Information Security Officer of North Asia and SAPMENA, this position will be responsible for all aspects of cybersecurity and technology risk management across L\'Or\xc3\xa9al ASEAN & ANZ (Australia, Indonesia, Malaysia, New Zealand, Philippines, Singapore, Thailand, and Vietnam). The role will be acting as the BRM (business relationship manager) for South Asia countries and coordinate the roll-out of L\'Or\xc3\xa9al group cybersecurity program with the in-scope perimeters.This is a leadership role that requires an individual with a strong communication skill, as well as the ability to work across the IT organization, divisions, and the business teams to align information security priorities and controls with key business objectives.

• Work closely with the business team including the senior leadership to ensure the properly roll-out of global security program
• Maintain the good relationship with business teams, deal with the business demanding and leverage the existing cybersecurity line of services to deal with the business request
• Lead the development and implementation of the global cybersecurity program, support the cybersecurity regional team and central PMO on global cybersecurity projects prioritization
• Development, implementation, and enforcement of information security governance including policies, standards, and procedures in collaboration with business and support functions teams, e.g., legal
• Development and execution of IT security education plans in partnership with internal communication to raise awareness around IT security risks and best practices
• Ensure excellence in Information security operations and appropriate service level agreement in response to IT security issues
• Management of regulatory and compliance requirements ranging from leading IT efforts in litigations and investigations to L\'Or\xc3\xa9al Group policies
• Act as the IT liaison to lead communications with internal and external auditors and ensure compliance
• Selection and management of external security management vendors and service providers to support security planning and implementation as organizational needs and resource levels required
• Ensure appropriate information security Incident Management and escalation
• Support major, and complex information security operations and technology projects that have tactical, operational, and strategic impact to all business segments
• Ensure a healthy balance between real-world risks and the business need for speed, agility, flexibility, and performance
• Ensure information security collaboration and compliance at the zone and group level

Requirments:Bachelor\'s or master\'s degree in Computer Science, Information Security or a related field or discipline is ideal. A minimum of 10+ years of combined experience with in-depth technical knowledge and experience in information security, security operations, security project management etc. Professional industry certifications are preferred, e.g., CISSP, CRISC, CISM, CISA, CRISC, PMP, etc.

• Proven and effective leadership skills, as well as demonstrated proficiency in providing requisite oversight for information security operations
• Excellent interpersonal skills, as well as an ability to interface effectively with senior leadership of the corporation, employees, and external partners etc.

The ideal candidate will meet the experience requirements identified above and will also reflect a background that includes:

• Previous experience in support of IT digital and/or cybersecurity transformation
• A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
• Dedication to compliance as reflected in comprehensive policy, standard, and procedure development and implementation
• Solid experience in security related processes such as risk management, vulnerability management etc.
• Demonstrated project management skills and experience for better coordinating the global cybersecurity program

L\'Or\xc3\xa9al