Position Summary: The Lead of Cybersecurity Risk and Solutions for M&A will be responsible for supporting the Head of Americas Cybersecurity Risk and Solutions to ensure that all technology systems and data for ELC M&As are compliant with all applicable regulations, including internal and external auditing, Sarbanes-Oxley (SOX) regulations, privacy regulations, payment card industry (PCI) requirements, FDA, CCPA (and others), the General Data Protection Regulation (GDPR) as applicable, and quality controls. This will require significant work with internal stakeholders dedicated to strategic M&A activity. Compliance is critical to continued operation of the company's businesses worldwide. This role supports the management of the process of collecting evidence to demonstrate compliance and directs remediation across the proposed M&A activity for non-compliant systems or areas of explicit cybersecurity concern. This requires understanding of regulations, technical constraints, and business constraints, areas that must be carefully balanced. More nuanced, however, is the responsibility of this role to directly interact with the IT and business leader(s) of the M&A activities, to make transparent the cybersecurity threats and risks specific to this area of responsibility.
This role supports the business in identifying, assessing and remediating Technology, Data and Cybersecurity Risk in their region of responsibility. This role is accountable to the Head of ECR Risk & Solutions for the Americas, as well as to the framework and strategy set by the CISO, and for working in close collaboration with the other regional Risk and Solutions resources to ensure enterprise-wide visibility for the CISO into the risk posture of the organization.
This role will also support the maintenance of the region's Cybersecurity Risk Register in alignment with the CISO's Enterprise Cybersecurity Risk Register and Framework, creating and providing to the Global Head of Cybersecurity Risk, Solutions & Assurance the reporting on Key Risk Indicators for Corporate Risk Committees for her/his area of responsibility. This role has day-to-day responsibility for supporting the organization's M&A activities from the information- and cybersecurity perspective, leveraging and coordinating the ECR team to participate in such meetings, assessments and sign-offs, as required.
Key Responsibilities: Responsible for supporting the Sr Tech Director of Risk, Solutions and Assurance for the Americas in activities that include, but are not limited to:
• Conducting technical and process Information- and Cybersecurity consulting across M&A activity, ensuring appropriate risk identification and reporting across the same
• Ensuring technology compliance across a complex landscape by developing a repeatable, sustainable, and evolving program for M&A due diligence
• Developing and delivering risk reports to the leadership for M&A activity, including vulnerabilities and threats
• Assessing the embedment of information and cybersecurity across all of the M&A entity's products and platforms (including web-based, cloud housed, .com, and POS)
• Ensuring the Cyber Threat Management Center (CMTC) has full visibility across the M&A integration, and participating in Incident Response as directed by the IR lead
• Ensuring all products and platforms of the M&A entity are built to the standards of the Information Security Policy and Data Privacy standard(s), and assessing, assembling, and providing risk visibility to the Sr Technical Director and the Global Head of ECR Risk, Solutions and Assurance
• Tailoring and delivering Information Security awareness and training across the M&A diligence team, in alignment with the strategy and framework of the ECR Lead for Awareness and Training
• Partnering with the Head of Cybersecurity Threat Management Center to drive remediation of vulnerabilities that are outstanding across the M&A entity, preferably before the integration, ensuring appropriate risk elevation and reporting for outstanding or repeat items
• Ensuring the utilization of the Risk exception handling process for the M&A entity and elevation/reporting of the same
• BS in Cybersecurity, Computer Science, Computer Engineering, Systems Engineering or related IT discipline
• 5 years relevant industry or risk management experience and/or accreditation
• Risk Management experience and robust understanding of IT and Operational Risk Management framework, including the construction of an effective control environment
• Finance experience with an emphasis on M&A activity preferred, especially with regard to SOX systems integration, PCI systems compliancy, ERP and BI integration, etc.
• Vast information security expertise, including familiarity with and/or experience leading:
  - Risk and compliance (e.g. SOX, PCI, FDA, GDPR)
  - Policies, Standards, and Procedures
  - Business Continuity/Disaster Recovery
  - Application Security
  - Awareness and Compliance Training
  - Information Security Metrics
  - Vendor Risk Management
• Business expertise to tailor solutions to the retail, manufacturing, and wholesale sectors and associated risk appetites
• Superior communication, facilitation and consensus-building skills
• Ability to effectively communicate with executive functional leadership, and to influence M&A activity based upon cyber posture
• Organizational awareness with an understanding of how to engage the organization to achieve results
• Strong understanding of process management and respective industry best practices
• Prior IT and Operational Risk, Audit, or finance/controllership operational experience preferred
• Superior multi-tasking skills and the ability to work in a fast-paced, often deadline-oriented and dynamic environment
• Prior experience in M&A activity from a technology and/or information- and cybersecurity perspective
Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Shift: 1st (Day) Shift
Job Number: 202253
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is the Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact USApplicantAccommodations@Estee.com.