The Governance & Compliance Manager is responsible for advising IT and business stakeholders on information security best practices and controls, compliance to applicable regulations, guidance related to information security governance, security training and awareness, policy management, information security metrics, and data protection.
The ideal candidate for this position is a proven Governance and Compliance expert with deep understanding of methods and techniques to drive successful outcomes and the ability to work with all levels up and down the organizational structure.
The key responsibilities of the role are as follows:
* Manage internal and external deliverables to ensure continued compliance with PCI-DSS requirements.
* Ensure compliance with industry, regulatory and L'Oreal Group defined policies and standards.
* Identify, evaluate, and assist with the implementation of information governance solutions to provide systematic monitoring of the Information Governance program.
* Promote training, awareness and best practices within the enterprise with regard to the processes and procedures needed to maintain a secure operating model.
* Participate in planning, scheduling and preliminary analysis for all internal and external audit projects.
* Coordinate audit activities, including notifying all affected parties of audit timing, scope, objectives, approach and deliverables, and scheduling with them.
* Manage day-to-day activities, including policies, procedures, training and communication regarding the Information Governance Program.
* In conjunction with Group Legal and Group Compliance, identify information management and protection laws and regulations and implement actions to ensure compliance.
* Establish agreement on, and lead documentation efforts for, process improvements related to security and compliance management.
* Perform IT Governance Maturity Assessments for the respective IT Functional Areas.
Candidate Evaluation Criteria
Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:
* A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
* Building enterprise governance and compliance programs.
* Strong organization, prioritization, rationalization and analytics skills.
* An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
* A well-developed understanding of and appreciation for business needs.
* A well-developed understanding of and appreciation for organizational mission, values, and goals, and consistent application of this knowledge.
* Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
* An ability to effectively influence others to modify their opinions, plans, or behaviors.
* An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, structured and actionable manner.
* Understanding of information security fundamentals and general security technologies.
Typical Education and Experience
* BS or higher degree in Computer Science, Information Security, or equivalent experience.
* 5+ years of professional experience in IT security, compliance and risk management, including privacy, data protection, security controls, etc.
* Industry-standard Information Security certifications such as CISSP, CISM, etc.
* Six-Sigma Certification is a plus.
* Prior experience working with regulatory requirements and standards (PCI-DSS, GDPR, HIPAA, CCPA, etc.) and frameworks (ISO2700x, NIST, OWASP, etc.).
* Demonstrated experience in identifying, assessing, and mitigating regulatory and compliance risk.
* Technical understanding of cloud infrastructure, networking, access controls, and change management.
* Experience with ISO 27000, NIST, CIS and other information security frameworks.
* Hands-on experience using GRC tools/technologies such as ServiceNow GRC or similar.
* Familiarity with Incident Response processes and procedures.
* Superior organization skills with the ability to quickly adapt to change.
* Basic experience with server operating systems including Microsoft Windows, Red Hat Enterprise Linux, etc.
* Understanding of Database Systems including MS SQL, MySQL, Oracle, etc.
* Understanding of Security Best Practices.
* Understanding of Networking Concepts.
* Experience developing dashboards and views in PowerBI is a plus.
* Strong project management skills with experience managing enterprise-wide projects.
* Effective oral and written communicator to both management and technical staff.
* Proven ability to assess risks and controls and to identify solutions to reduce risk.
* Demonstrated team player with strong and effective customer care skills.
* Effective analytical and critical thinking skills, with proven problem solving and follow-through in high-pressure situations where information may be limited.
* Ability to plan, organize, prioritize, work independently and meet deadlines.
* Work with business owners on remediation plans that address identified gaps.
* Ability to prioritize and work on multiple efforts simultaneously.
* Strong verbal and written communication skills and the ability to influence others.
We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.
If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email USApplicationAccommodation@support.lorealusa.com. Please note this email will only respond to specific requests for assistance completing the application as a request for accommodation for a disability. All others will not be considered.