The Estée Lauder Companies attracts the most outstanding people from diverse industries and nurtures their talents. Whether they work in one of our stores, on a production line, at our corporate headquarters in New York City or in one of our affiliates worldwide, our employees take pride in their contributions to our success.
The Estee Lauder Companies Senior Analyst, IT Risk Management in Long Island City, New York
Senior Analyst, IT Risk Management
Brand: Estée Lauder Companies
The Estée Lauder Companies (ELC) Inc. is a Fortune 500, multinational manufacturer and marketer of prestige skincare, makeup, fragrance and hair care products, headquartered in New York City. As the global leader in prestige beauty, we touch over half a billion consumers a year. The company owns a diverse portfolio of brands, distributed internationally through both digital commerce and retail channels.
ELC prizes the confidentiality of its consumers and therefore places a premium on cybersecurity. As the business world becomes increasingly digital and cyber threats grow in number and in sophistication, ELC will continue to invest in and develop a proactive, people-centered cybersecurity program. The Global Information Risk and Security (GIRS) team spearheads these efforts.
The GIRS Risk and Compliance Senior Analyst focused on vendor risk will grow the global Vendor Risk Management (VRM) Program by standardizing processes and documentation, and will generate ongoing metrics, and performance and risk indicators. The purpose of the Vendor Risk Management program is to ensure that all suppliers, vendors and subcontractors comply with security best practices, laws, and regulations, as well as ELC corporate policy, standards, and procedures.
This role necessarily deals with highly confidential and sensitive information, and the role is expected to conform to best handling practices.
The Global Information Risk and Security (GIRS) Risk and Compliance Senior Analyst focused on vendor risk will work closely with internal stakeholders, including Legal, Compliance, Insurance, Finance, Procurement, Brands, Regions, and Functions to address security concerns and to recommend remediations to identified gaps.
Specifically, the individual will:
Implement/Improve upon the Vendor Risk Management assessment process, including a triage (risk profile) process.
Create and maintain a Vendor Risk Management vendor database.
Create a cadence for ongoing review of vendors based on criticality.
Establish a Risk Register and Controls Framework.
Perform periodic risk assessments using the Register/Framework.
Develop and provide metrics on the above initiatives.
Recurring responsibilities include providing management status updates for all vendor security risk assessments, including communication pertaining to vendor inherent risk, critical services provided, security control gaps, required remediation and residual risk.
Secondary responsibilities include providing risk-based guidance to business sponsors to garner their full understanding, support and acceptance of the risks involved in doing business with each vendor.
Deliver innovative metrics to demonstrate the intrinsic value of a Vendor Management Program.
Experience in vendor risk management, and related areas, including Information Technology, (Technology) Risk Management, Controls, Internal Audit, Application Development, Networking, Software Development Lifecycle, Encryption, Business Continuity, Disaster Recovery, project governance/management, business processes, Regulatory and Legal Compliance.
Advanced understanding of policies, standards, and controls frameworks.
Strong oral and written communication skills, influence/negotiation skills, attention to detail, conflict management experience, analytical skills, and measurement/visualization ideas. Ability to problem-solve, think creatively, challenge the status quo, and manage ambiguity.
Ability to communicate complicated or technical information to executives, including proven ability to work both independently and as part of a team, with stakeholders at all levels.
Experience with Governance, Risk, and Compliance (GRC) tools for tracking and reporting risk. Proficient in Microsoft Excel, Word, and PowerPoint, including data visualization. Proficient in English as a business language.
Experience handling, securing, and communicating highly confidential and sensitive information.
Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Shift: 1st (Day) Shift
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply.
Job Number: 192337