[L'oreal Korea] IT Security Manager - Corporate IT
[Job Summary]
Reporting to NA&SAPMENA (North-Asia & South-Asia Pacific Middle-East North-Africa) Zone Chief Information Security Officer and to Korea Chief Information Officer, this position will be responsible for all aspects of information security and technology
risk management across L¡¯Oréal Korea.
The ideal candidate will have a good exposure to different Cybersecurity area: Infrastructure, application security, risk management, Business Third Party risk, Compliance, Korea regulation (ISMS) and IT: Infra, Cloud, Digital; strong communication skills as well as the ability to work across the IT organization and the divisions to align information security priorities and controls with key business objectives.
-Lead the implementation and enforcement of information security governance including policies, standards, and procedures in collaboration with various counter-partners including HR, Legal, Finance, Zone and Global Security teams
-Development and execution of IT security education plans in partnership with internal communication to raise awareness
around IT security risks and best practices
-Ensure excellence in Information Security Operations and appropriate service level agreement in response to IT security
issues (Cybersecurity incidents, Threat & Vulnerability Management, IAM, etc)
-Ensure that all IT assets and services are secure, ranging from mobile devices, desktops, servers, Clouds and applications to networks through the implementation of best-in-class security measures
-Perform Risk Analysis of local projects and follow L¡¯Oreal Risk Management methodology
-Organize regular Cybercrisis simulation & DRP
-Act as the IT liaison to lead communications with internal and external auditors and ensure compliance
-Management of regulatory and compliance requirements ranging from leading IT efforts in litigations and investigations to
L¡¯Oréal Group policies and PCI/DSS compliance
-Be the point of contact for Zone NA&SAPMENA Cybersecurity projects to ensure local requirements are raised at the
beginning of the project and ensure a successful landing of the projectin the Zone
[Qualification & Preferred]
1. Education and knowledge
-Bachelor's degree from an accredited college or university is required. Master¡¯s degree preferred. A degree in Computer
Science, Information Security/Data Systems Management or a related field or discipline is ideal
-Good exposure on ISMS (ISO/IEC 27001/2) is preferred
-Certified Information Systems Security Professional (CISSP) certification is preferred
-Additional certifications (e.g., CRISC, CISM, CISA, PMP, Agile, etc.) ideal
2. Experience / Skills / Abilities
-A minimum of 7 years of combined experience in IT with at least 3 years in Information Security
-Good understanding and experience in information technology, computing systems, network technologies, security operations, security technologies, systems integration, and the application of information security concepts
-Excellent interpersonal skills, as well as an ability to interface effectively with fellow employees, senior leadership of the
Corporation, and external partners, clients and customers
-Significant experience as a Project or Program Manager will be valuable
-Familiar with Korea Cybersecurity & Privacy regulations
-English & Korean working proficiency (oral, written)
The ideal candidate will meet the experience requirements identified above and preferably has background that includes:
-A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
-Involvement in support of risk management approaches
-Involvement in Cybersecurity incidents with interaction with regulation entities
-Solid experience in security related processes such as Risk Management, Vulnerability Management, Networking, Compliance and Auditing
-A thorough understanding of the implementation and maintenance of processes and the ability to identify business needs,
convert them to tasks and develop supporting documentation
-Superior communication skills, to include both verbal and written mediums
-Good understanding of Infrastructure including Cloud
-Experienced working in E-Commerce
-Experienced in providing awareness training