Lead, Risk Management

Estée Lauder Companies

About The Position

As the Cybersecurity Risk Management Lead within ECR’s Risk and Solutions team, you will work to minimize overall security risk by identifying risks, monitoring requests through approval workflows, providing risk scoring, and presenting data to give a holistic view of the risks identified at the company.

Requirements

  • 5 years of practical experience in technology risk and control or IT audit (audit firm experience is a plus), including experience in project governance/management and understanding of business processes, key IT risk/controls, organizations, markets, retail, and/or manufacturing.
  • Strong communication skills, influence/negotiation skills, attention to detail, conflict management experience, analytical skills, and measurement/visualization ideas.
  • Ability to problem-solve, think creatively, challenge the status quo, and manage ambiguity.
  • Ability to communicate complicated or technical information to executives, including proven ability to work both independently and as part of a team, with stakeholders at all levels.
  • Proficient in Microsoft Excel, Word, and PowerPoint, including data visualization with Power BI.
  • Proficient in English as a business language.
  • Experience handling, securing, and communicating highly confidential and sensitive information.
  • 3 years minimum related experience.
  • Undergraduate degree in computer science/business or equivalent professional experience.

Nice To Haves

  • CISSP/CISA/CISM/CRISC/CGEIT/ITIL or equivalent certification is desirable.

Responsibilities

  • Partner with ECR team members, IT stakeholders, and business owners to reduce technology risk to the company by evaluating technology and cyber risks as they are identified. Responsible for triaging risks and scoring their risk level and severity, with a focus on defining a potential path for remediation.
  • Collaborate to define appropriate solutions to mitigate or remediate the risk by partnering with key stakeholders in ECR, IT, and the business, which will require consensus building and managing disagreements. Enable balanced risk decisions by providing recommendations to leadership, escalating based on severity and risk level to ensure appropriate cyber protection capabilities and resiliency are built into the plans.
  • Manage risk reduction tracker and maintain basic project management documentation tracking project tasks, status, ownership, issue closure, and timelines.
  • Support monthly Risk Reduction Governance Committee meetings.
  • Coordinate and manage cross-functional project teams to track overall remediation status while coordinating with applicable team and Program Managers.
  • Prepare and provide reporting (KRI) and dashboard status updates on a scheduled basis.