Unleash Your Potential at L’Oréal’s Beauty Tech!

For more than a century, L’Oréal has devoted itself solely to one business: Beauty. Present in 150 countries across five continents and with €42 billion consolidated sales, L’Oréal is the global industry leader. With 37 global beauty brands across four divisions, L’Oréal offers beauty for each covering all beauty categories and catering to all beauty desires. With the acquisition of the Australian brand Aēsop in 2023, the Group continues to expand its portfolio through targeted acquisitions as part of its drive to create the future of beauty.

Today, L’Oréal includes more than 2,000 tech positions and is constantly growing. Beauty Tech is changing the game and leading the shift towards new consumer realities and a digital disruption. Championing Beauty Tech, we invent the beauty of the future while becoming the company of the future.

Beauty Tech is how we know our consumers intimately, augmenting their beauty journeys with unparalleled diverse and sustainable experiences. Beauty Tech equips the Group with the key assets it needs to conquer this new world, where Tech has become strategic. With this ambition, L’Oréal continues to recruit diverse, innovative, skilled and passionate minds in different tech domains such as Data, Digital, Cloud, Cyber Security, IT Architecture, DevOps, Applications and Infrastructure.

YOUR FUTURE TEAM

Reporting to the Group CISO, the Head of Governance, Risk & Compliance (GRC) is responsible of organizing the Cybersecurity GRC department for the Group. He/she manages a team and is in charge of the GRC Management, Cybersecurity in Project & Third-Party Risk Management, Compliance, Continuous Monitoring and Cybersecurity Awareness.

He/she is in charge of:

• Reporting Cyber Risks to L’Oréal’s Enterprise Risk Management team.
• The execution of all GRC related projects.
• Managing the cybersecurity awareness & education program.
• Managing the communication regarding cybersecurity policies, risks & compliance.

This is a leadership role that requires an individual with a strong knowledge in GRC, able to communicate to leadership positions as well as the ability to work with different teams across the world with different cultures to align Cybersecurity priorities with key IT and Business objectives following a risk-based approach.

What a day in the life of the Head of Cybersecurity GRC looks like:

Governance:

• Define and maintains L’Oréal Group Cybersecurity Framework and communicate on those requirements.
• Ensure with CISO office & Transformation teams the run of the cybersecurity governance bodies (roles and committees).
• Manage cybersecurity in M&A.

Risk Management:

• Identify, estimate, evaluate Cybersecurity risks of the Group and ensure, with CISOs in charge, that proper mitigation actions are in place. Communicate on these risks with key stakeholders.
• Maintain the cartography of major cybersecurity risks, validate impacts and risk appetite with business and provide analysis and insights to the Enterprise Risk Management team.
• Support Cybersecurity in Projects teams (Group & zones) on all aspects of cybersecurity during projects.
• Manage the Third Parties Risk Management cybersecurity program and ensure proper cybersecurity requirements are included in contracts & appendixes.
• Develop connections with legal, VMO, Purchasing and internal audit teams.
• Develop a culture of cyber risks among all stakeholders and across the whole company through awareness and communication.

Compliance:

• Define, improve and keep up to date a comprehensive cybersecurity compliance program, including regulatory watch, requirements understanding and integration in internal policies, compliance monitoring and mitigation plans.
• Enforce and control the correct application of the Group’s Cybersecurity framework. Follow Group and Zone cybersecurity KPIs and controls.
• Act as the Cybersecurity point of contact to lead communications with internal and external auditors
• Ensure non compliances, audit recommendations and any other cybersecurity weaknesses are remediated in due time
• Drive global or cross-zone compliance projects or action plans (PCI-DSS, GDPR…).
• Define and implement cybersecurity continuous monitoring.
• Define, improve and keep up to date Group Cybersecurity Dashboards and KPI/KRI reporting.
• Animate regular meetings with cybersecurity leadership team and Group IT departments.

Cybersecurity Awareness / Education:

• Ensure, in partnership with internal communication, that Group / Zone / Market Cybersecurity awareness initiatives are properly deployed.
• Educate Group teams on Cybersecurity good practices.
• Develop a cybersecurity culture in L’Oréal.

THIS IS WHAT YOU WILL NEED TO SUCCEED!

First and foremost, we love people that are curious, collaborative, eager to have an impact, proactive and who value innovation, autonomy, and team spirit.

Secondly, in this specific position, it will be important for you to have:

• A minimum of 10 years of experience in Cybersecurity is required.
• Having previous experiences in GRC in large companies is a must.
• Proven and effective leadership skills, as well as demonstrated proficiency in providing required oversight for cybersecurity assessment and compliancy.
• Technical knowledge and experience in Information Technology, computing systems, network technologies, security operations, security technologies, systems integration, and the application of information security concepts.
• Excellent interpersonal skills, as well as an ability to interface efficiently with employees, senior leadership, and external partners, clients, and customers.
• Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization.
• Fluent in English.

Technical & Professional Competencies :

• A minimum of 10 years of experience in Cybersecurity is required.
• Having previous experiences in GRC in large companies is a must.
• Proven and effective leadership skills, as well as demonstrated proficiency in providing required oversight for cybersecurity assessment and compliancy.
• Technical knowledge and experience in Information Technology, computing systems, network technologies, security operations, security technologies, systems integration, and the application of information security concepts.
• Excellent interpersonal skills, as well as an ability to interface efficiently with employees, senior leadership, and external partners, clients, and customers.
• Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization.
• Fluent in English.

LET US GIVE YOU 6 OTHER REASONS TO JOIN US!

Joining L’Oréal means joining a company that:

1. Invests in Tech and positions its Tech teams at the heart of its digital transformation strategy.
2. Allows its employees to have a real impact, to test their ideas, to innovate and to build our future.
3. Offers a Hybrid Work Policy: 3 Days in Office, 2 Days Work from Home
4. Gives you access to a VIP staff shop offering our products at a preferential rate, a company restaurant & gym, 60% reimbursement of transportation subscription, a work council that provides many employee discounts (social & cultural activities, holiday vouchers etc.) and much more!
5. Provides a powerful and innovative HR policy : dynamic mobility policy, significant investment in employee training, regular re-evaluation of remuneration, numerous innovative HR measures: Time Savings Account, paternity leave, Citizen Day, etc.
6. Delivers a n Equal Opportunity Employer and take pride in a diverse environment. We would love to find out more about you as a candidate and we do not discriminate in recruitment, hiring, training, promotion, or other employment practices. The beauty we find in our differences gives us the freedom to go beyond. That’s the beauty of L’Oréal.

GOOD TO KNOW: THE RECRUITMENT PROCESS

1. Interview with HR
2. Interview with the hiring manager
3. Interview with the business leader

We will be delighted to exchange with you!

Want to learn more about L’Oréal Beauty Tech? C lick here.