Global Cybersecurity Governance and Awareness Lead

Job Overview

Reporting to the Head of Governance, Risk & Compliance you will be in charge of organizing the Cybersecurity Governance and Awareness at Global level.

Responsibilities

• The execution of all Governance and Awareness related projects.
• Managing the cybersecurity awareness & education program.
• Definition and maintenance of L’Oréal Group Cybersecurity Framework and communication on those requirements.

Main Missions

Governance

• Design and maintain the Cybersecurity Framework (policies, standards, and guidelines) to ensure it remains up to date with the evolving threat landscape and L'Oréal needs.
• Ensure applicability of the framework by ensuring that policies are realistic, technically feasible, and tailored to the operational constraints.
• Ensure the cybersecurity framework remains fully aligned with operational security activities and other cross-functional workstreams.
• Work with compliance team to design and implement the effective deployment strategy of security policies within Zones and Platforms.
• Assist cybersecurity managers in understanding and implementing the framework requirements within their specific contexts.
• Provide guidance and support in tracking the resolution of non-compliance issues or audit findings, ensuring long-term improvement.
• Ensure Cybersecurity Framework is well known and understood by the team.
• Report KPI.

Awareness Program

• Identify and evaluate top Human risks to the organization and behaviors to strengthen the organization’s security culture and mitigate these risks.
• Design, deploy, and maintain a comprehensive global security awareness program that ensures regulatory compliance and addresses identified human risks.
• Ensure, in partnership with internal communication and Learning team, that Group / Zone / Market Cybersecurity awareness initiatives are properly deployed everywhere and to all populations.
• Tailor communication and training plans to diverse internal audiences, ensuring content is relevant to specific roles and risk profiles.
• Enhance the cybersecurity e-learning catalog, ensuring high-quality, engaging, and up-to-date content.
• Creates and manages metrics that effectively measure the overall effectiveness of the Cybersecurity awareness program.
• Consolidate and analyze global and local awareness data to provide a unified view of performance and identify areas for continuous improvement.

Qualifications

Professional experience : You have a successful experience of at least 5 years in GRC (mainly awareness and/ or Governance activities) within a consultancy firm or a Fortune 500 company.

Technical Skills

• Strong Cybersecurity knowledge, preferably supported by a worldwide certification in the field (CISSP, CISM, ISO 27001 LI/LA…).
• Strong knowledge of governance frameworks (e.g., COSO, or COBIT for IT governance).
• Good understanding of regulatory requirements like GDPR, NIS2 and CRA.
• Knowledge of GRC platforms (e.g., ServiceNow) and Security Awareness tools.

Management Skills

• Ability to manage consultancy teams.
• Ability to communicate complex ideas effectively, in English and French, with international stakeholders and with Cybersecurity stakeholders within the Group.

Interpersonal Skills

• Willingness to learn and develop new hard and soft skills.
• Ability to navigate within a fast-moving environment.
• Strong analytical skills.
• Ability to lead workshops.
• Fluency in English is essential.
• Position based at St-Ouen (93) with regular meetings within Paris area and rare business trip abroad.

Benefits

A place for you to leave your comfort zone and grow beyond your potential. Real responsibility from day 1; there’s no sitting on the sidelines at L’Oréal.

An environment where people of every ethnicity, social background, age, religion, gender and sexual orientation as well as people with disabilities are accepted, can speak up, will thrive and are celebrated!

A place where you can contribute to something bigger! Many of our brands have societal /environmental causes to make concrete difference.