IT Risk manager (H/F), Paris

Misssions

• Review and improve Cybersecurity risk management framework
• Validate with Key stakeholders Risk level, Risk strategy and Risk Appetite
• Build a transversal line of service:
• To collect and manage new project demand.
• Do a first level of Risk assessment.
• To support local Security Manager.
• To follow and ensure coherence of Risk Analysis
• To manage exceptions.
• To put in place and support Risk Management solution.
• Engage and advise stakeholders
• Work closely with team in charge of Third Party Risk management
• Review and maintain IT Security in projects methodology
• Consolidate Risks
• Continuously evaluate communication security, data vulnerability, business continuity and compliance risks
• Identify vulnerabilities or weaknesses in systems
• Evaluate security policy, processes and procedures for completeness
• Ensure that controls are adequate to protect sensitive information systems
• Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
• Provide mitigation/ damage reduction proposals with cost justification
• Identify defensive steps to take, starting by the existing security standards already available within L’Oréal
• Participate to education of Security, IT & Business stakeholders to Risk Management

Profile

Education:

• Master’s degree in Information Technology

Professional experience:

• You have a successful first experience of 5 years in the cybersecurity field within a consultancy firm or a Fortune 500 company

Technical skills:

• Knowledge of cybersecurity frameworks (NIST, OWASP, …)
• Knowledge and experience in auditing, security reviews or compliance reviews
• Knowledge and experience in risk analysis
• Knowledge of web technologies (CMS, development frameworks, API, application security, …)
• Knowledge of public cloud services (Azure, AWS, Google Cloud)

Management skills:

• Ability to manage and / or influence people
• Ability to communicate complex ideas effectively, both verbally and in writing, in English and French with international stakeholders and with cybersecurity stakeholders within the Group

Interpersonal skills:

• Good relationship
• Ability to convince and drive change
• Ability to navigate within a fast-moving environment
• Strong analytical skills
• Fluency in English is essential