The Estee Lauder Companies Executive Director, Cyber Threat Management (Global) in New York, New York

Executive Director, Cyber Threat Management (Global)

Brand: Estée Lauder Companies Corporate Departments

Description

Position Summary:

Run a global team managing all aspects of cyber threat management, consistent with the threats and scale of a Fortune 500 retail and wholesale enterprise entering a period of rapid business growth through innovation and acquisition. This includes threat modeling, threat intelligence, incident detection, interruption of the kill chain, and damage control. Cyber Threat Management is expected to be involved in all aspects of business, including all brands, functions, and regions worldwide. Interaction with all levels of business leadership is expected as part of communicating both preparedness against attacks and the impact of attacks that do occur.

This position will build the team starting from existing resources (including employees, consultants, and outsourcing), structuring a revised organization scaled to evolving and growing business needs. Simultaneously, the function will be run by this position on a day to day basis. Thus the position must both operate and redefine the Threat Management function at the same time and therefore be familiar with change management.

This role necessarily deals with highly confidential and sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.

Key Responsibilities:

Lead the area of cyber threat management across the enterprise, providing direction in collaboration with Legal, HR, corporate security, and executive leadership across brands, functions, and regions.

Operate the Cyber Threat Management function with complete accountability. The Global Head of Threat Management is expected to operate the function independently under the strategic oversight of the Chief Information Security Officer.

Stop and mitigate complex attacks to protect ELC. This will require emergency decisions in response to active attacks outside of routine technology processes.

Execute on key operational decisions with potentially high impact affecting attacks and threats facing ELC. These include but are not limited to spam campaigns, malware campaigns, criminal operations, and nation-state operations.

Manage the full budget covering the Threat Management space. This role is fully accountable for several million dollars of operating budget, including full decision over hiring, consulting engagements, outsourcing, and services. Budget management includes assessing growth (or contraction) needs and making appropriate business cases to justify changes with support from business leadership.

Qualifications

Grade/Brand: 30.14

Position Summary:

Run a global team managing all aspects of cyber threat management, consistent with the threats and scale of a Fortune 500 retail and wholesale enterprise entering a period of rapid business growth through innovation and acquisition. This includes threat modeling, threat intelligence, incident detection, interruption of the kill chain, and damage control. Cyber Threat Management is expected to be involved in all aspects of business, including all brands, functions, and regions worldwide. Interaction with all levels of business leadership is expected as part of communicating both preparedness against attacks and the impact of attacks that do occur.

This position will build the team starting from existing resources (including employees, consultants, and outsourcing), structuring a revised organization scaled to evolving and growing business needs. Simultaneously, the function will be run by this position on a day to day basis. Thus the position must both operate and redefine the Threat Management function at the same time and therefore be familiar with change management.

This role necessarily deals with highly confidential and sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.

Qualifications:

Graduate-level in computer science or equivalent. 15 years’ experience. CISSP, CISM, CEH or equivalent desirable certifications. Deep IT security expertise, including familiarity with all aspects of cyber incident management, offensive and defensive technologies, intelligence gathering, forensics, reverse engineering, malware, attack patterns, abuse cases, and past incidents. Business understanding sufficient to correlate attackers’ motives to business impacts for risk management. Management skills to manage people with even deeper skills in those areas. Vendor management skills. Management of a 24/7 operation in cyber threat management. Executive-level communication skills.

EEO

We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply.

Job: Information Technology / GIS

Primary Location: Americas-US-NY-New York

Job Type: Standard

Schedule: Full-time

Shift: 1st (Day) Shift

Travel: Yes, 25 % of the Time

Job Number: 152024