Global Cybersecurity Governance and Awareness Lead

Overview

Reporting to the Head of Governance, Risk & Compliance you will be in charge of organizing the Cybersecurity Governance and Awareness at Global level.

Responsibilities

• The execution of all Governance and Awareness related projects.
• Managing the cybersecurity awareness & education program.
• Definition and maintenance of L'Oréal Group Cybersecurity Framework and communication on those requirements.
• Design and maintain the Cybersecurity Framework (policies, standards, and guidelines) to ensure it remains up to date with the evolving threat landscape and L'Oréal needs.
• Ensure applicability of the framework by ensuring that policies are realistic, technically feasible, and tailored to the operational constraints.
• Ensure the cybersecurity framework remains fully aligned with operational security activities and other cross-functional workstreams.
• Work with compliance team to design and implement the effective deployment strategy of security policies within Zones and Platforms.
• Assist cybersecurity managers in understanding and implementing the framework requirements within their specific contexts.
• Provide guidance and support in tracking the resolution of non-compliance issues or audit findings, ensuring long-term improvement.
• Ensure Cybersecurity Framework is well known and understood by the team.
• Report KPI.

Awareness Program

• Identify and evaluate top Human risks to the organization and behaviors to strengthen the organization's security culture and mitigate these risks.
• Design, deploy, and maintain a comprehensive global security awareness program that ensures regulatory compliance and addresses identified human risks.
• Ensure, in partnership with internal communication and Learning team, that Group / Zone / Market Cybersecurity awareness initiatives are properly deployed everywhere and to all populations.
• Tailor communication and training plans to diverse internal audiences, ensuring content is relevant to specific roles and risk profiles.
• Enhance the cybersecurity e-learning catalog, ensuring high-quality, engaging, and up-to-date content.
• Create and manage metrics that effectively measure the overall effectiveness of the Cybersecurity awareness program.
• Consolidate and analyze global and local awareness data to provide a unified view of performance and identify areas for continuous improvement.

Qualifications

• Professional experience: successful experience of at least 5 years in GRC (mainly awareness and/or Governance activities) within a consultancy firm or a Fortune 500 company.
• Technical skills:
  • Strong Cybersecurity knowledge, preferably supported by a worldwide certification in the field (CISSP, CISM, ISO 27001 LI/LA…).
  • Strong knowledge of governance frameworks (e.g., COSO, or COBIT for IT governance).
  • Good understanding of regulatory requirements like GDPR, NIS2 and CRA.
  • Knowledge of GRC platforms (e.g., ServiceNow) and Security Awareness tools.
• Management skills:
  • Ability to manage consultancy teams.
  • Ability to communicate complex ideas effectively, in English and French, with international stakeholders and with Cybersecurity stakeholders within the Group.
• Interpersonal skills:
  • Willingness to learn and develop new hard and soft skills.
  • Ability to navigate within a fast-moving environment.
  • Strong analytical skills.
  • Ability to lead workshops.
  • Fluency in English is essential.
  • Position based at St-Ouen (93) with regular meetings within Paris area and rare business trip abroad.

Benefits

• A place for you to leave your comfort zone and grow beyond your potential (you'll be encouraged to try new things and take risks!).
• Real responsibility from day 1, no sitting on the sidelines.
• An environment where people of every ethnicity, social background, age, religion, gender and sexual orientation as well as people with disabilities are accepted, can speak up, will thrive and are celebrated.
• A place where you can contribute to something bigger! Many of our brands have societal /environmental causes to make concrete difference.