The Estee Lauder Companies Manager, GIS Security Risk Management in New York, New York
Manager, GIS Security Risk Management
Brand: Estée Lauder Companies Corporate Departments
This role is part of the Technology Compliance team and plays a key part in the overall global risk and compliance programs for IT. This role will partner with global teams and within the Global Information Risk and Security team. The Senior IT Risk Analyst is responsible for leading the risk management effort within the Global IT Compliance team This includes:
Assess information risk and facilitate remediation of identified vulnerabilities across network, systems and applications including third party vendor management
Report on findings and recommendations for corrective action
Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios
Facilitate and monitor performance of risk remediation tasks, changes related to risk mitigation & report on findings
Provide status reports, including outstanding issues and update key leadership team and risk committees related to existing risk and mitigation plans.
Decision making: This role will include making decisions on how to reduce risk and implement appropriate controls to reduce or mitigate risk. These decisions will be communicated to GIS Leadership Team globally and will require negotiation for people and financial resources.
Independence: This role will work independently to run the risk program and will partner with the Executive Director and the CISO.
Problem Solving: This role needs to understand the technology landscape at ELC will enough to pull together technical teams where needed to identify and address risks.
Budget responsibility: This position will help shape financial requirements with the technical teams related to addressing risk.
Leadership: This role will provide work direction to members of the team as needed and will partner with the Executive Director and CISO.
Experience in IT Risk Programs including vendor and infrastructure risk
Advanced understanding of policies, standards and controls
Strong communication skills appropriate to explaining risk framework requirements to technical and non-technical leaders.
Experience with GRC (governance, risk, and compliance) tools for tracking and reporting risk.
Minimum Education level: Bachelor’s degree
Minimum Years of Experience: 6
% Travel Time: 15%
Required Language Proficiency: English
Licenses or Certifications:Professional technology certifications strongly preferred (Ex: CISSP, CISA, CISM, CRISC)
Job: Information Technology / GIS
Primary Location: Americas-US-NY-New York
Job Type: Standard
Shift: 1st (Day) Shift
Travel: Yes, 10 % of the Time
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. Job Number: 176022