The Estee Lauder Companies Manager, GIS Security Risk Management in New York, New York

Manager, GIS Security Risk Management

Brand: Estée Lauder Companies Corporate Departments


This role is part of the Technology Compliance team and plays a key part in the overall global risk and compliance programs for IT. This role will partner with global teams and within the Global Information Risk and Security team. The Senior IT Risk Analyst is responsible for leading the risk management effort within the Global IT Compliance team. This includes:

  • Assess information risk and facilitate remediation of identified vulnerabilities across network, systems and applications, including third-party vendor management

  • Report on findings and recommendations for corrective action

  • Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios

  • Facilitate and monitor performance of risk remediation tasks, changes related to risk mitigation & report on findings

  • Provide status reports, including outstanding issues and update key leadership team and risk committees related to existing risk and mitigation plans.

Decision making: This role will include making decisions on how to reduce risk and implement appropriate controls to reduce or mitigate risk. These decisions will be communicated to GIS Leadership Team globally and will require negotiation for people and financial resources.

Independence: This role will work independently to run the risk program and will partner with the Executive Director and the CISO.

Problem Solving: This role needs to understand the technology landscape at ELC well enough to pull together technical teams where needed to identify and address risks.

Budget responsibility: This position will help shape financial requirements with the technical teams related to addressing risk.

Leadership: This role will provide work direction to members of the team as needed and will partner with the Executive Director and CISO.


Experience in IT Risk Programs including vendor and infrastructure risk

Advanced understanding of policies, standards and controls

Strong communication skills appropriate to explaining risk framework requirements to technical and non-technical leaders.

Experience with GRC (governance, risk, and compliance) tools for tracking and reporting risk.

Minimum Education level: Bachelor’s degree

Minimum Years of Experience: 6

% Travel Time: 15%

Required Language Proficiency: English

Licenses or Certifications: Professional technology certifications strongly preferred (Ex: CISSP, CISA, CISM, CRISC)

Job: Information Technology / GIS

Primary Location: Americas-US-NY-New York

Job Type: Standard

Schedule: Full-time

Shift: 1st (Day) Shift

Travel: Yes, 10 % of the Time

We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. Job Number: 176022