[L'oreal Korea] IT Security Manager - Corporate IT

[Job Summary]
Reporting to NA&SAPMENA (North-Asia & South-Asia Pacific Middle-East North-Africa) Zone Chief Information Security Officer and to Korea Chief Information Officer, this position will be responsible for all aspects of information security and technology 
risk management across L’Oréal Korea.

The ideal candidate will have a good exposure to different Cybersecurity area: Infrastructure, application security, risk management, Business Third Party risk, Compliance, Korea regulation (ISMS) and IT: Infra, Cloud, Digital; strong communication skills as well as the ability to work across the IT organization and the divisions to align information security priorities and controls with key business objectives.

-Lead the implementation and enforcement of information security governance including policies, standards, and procedures in collaboration with various counter-partners including HR, Legal, Finance, Zone and Global Security teams
-Development and execution of IT security education plans in partnership with internal communication to raise awareness 
around IT security risks and best practices
-Ensure excellence in Information Security Operations and appropriate service level agreement in response to IT security 
issues (Cybersecurity incidents, Threat & Vulnerability Management, IAM, etc) 
-Ensure that all IT assets and services are secure, ranging from mobile devices, desktops, servers, Clouds and applications to networks through the implementation of best-in-class security measures 
-Perform Risk Analysis of local projects and follow L’Oreal Risk Management methodology
-Organize regular Cybercrisis simulation & DRP
-Act as the IT liaison to lead communications with internal and external auditors and ensure compliance
-Management of regulatory and compliance requirements ranging from leading IT efforts in litigations and investigations to 
L’Oréal Group policies and PCI/DSS compliance
-Be the point of contact for Zone NA&SAPMENA Cybersecurity projects to ensure local requirements are raised at the 
beginning of the project and ensure a successful landing of the projectin the Zone

[Qualification & Preferred]

1. Education and knowledge
-Bachelor's degree from an accredited college or university is required. Master’s degree preferred. A degree in Computer 
Science, Information Security/Data Systems Management or a related field or discipline is ideal 
-Good exposure on ISMS (ISO/IEC 27001/2) is preferred
-Certified Information Systems Security Professional (CISSP) certification is preferred 
-Additional certifications (e.g., CRISC, CISM, CISA, PMP, Agile, etc.) ideal

 2. Experience / Skills / Abilities
-A minimum of 7 years of combined experience in IT with at least 3 years in Information Security
-Good understanding and experience in information technology, computing systems, network technologies, security operations, security technologies, systems integration, and the application of information security concepts 
-Excellent interpersonal skills, as well as an ability to interface effectively with fellow employees, senior leadership of the 
Corporation, and external partners, clients and customers
-Significant experience as a Project or Program Manager will be valuable
-Familiar with Korea Cybersecurity & Privacy regulations
-English & Korean working proficiency (oral, written)

The ideal candidate will meet the experience requirements identified above and preferably has background that includes:
-A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business
-Involvement in support of risk management approaches
-Involvement in Cybersecurity incidents with interaction with regulation entities
-Solid experience in security related processes such as Risk Management, Vulnerability Management, Networking, Compliance and Auditing
-A thorough understanding of the implementation and maintenance of processes and the ability to identify business needs, 
convert them to tasks and develop supporting documentation 
-Superior communication skills, to include both verbal and written mediums
-Good understanding of Infrastructure including Cloud
-Experienced working in E-Commerce
-Experienced in providing awareness training

**Resume is required to apply