GLOBAL CYBERSECURITY GOVERNANCE AND AWARENESS LEAD
Job Description
L'Oréal is a global leader in beauty, present in 130 countries. The company is expanding its technology footprint, focusing on Cybersecurity Governance and Awareness at the global level.
A Day In The Life
Reporting to the Head of Governance, Risk & Compliance, you will organize Cybersecurity Governance and Awareness worldwide.
You Are In Charge Of
- The execution of all Governance and Awareness related projects.
- Managing the cybersecurity awareness & education program.
- Defining and maintaining the L'Oréal Group Cybersecurity Framework and communicating its requirements.
Main Missions
Governance
- Design and maintain the Cybersecurity Framework (policies, standards, and guidelines) to remain up to date with emerging threats and company needs.
- Ensure applicability of the framework by making policies realistic, technically feasible, and tailored to operational constraints.
- Align the framework with operational security activities and other cross‑functional workstreams.
- Work with the compliance team to design and implement an effective deployment strategy for security policies within Zones and Platforms.
- Assist cybersecurity managers in understanding and applying framework requirements in their specific contexts.
- Provide guidance and support to track the resolution of non‑compliance issues or audit findings, ensuring continuous improvement.
- Ensure the Cybersecurity Framework is well known and understood by the team.
- Report KPIs.
Awareness Program
- Identify and evaluate the top human risks to the organization and the behaviors that strengthen the security culture.
- Design, deploy, and maintain a comprehensive global security awareness program that ensures regulatory compliance and mitigates human risks.
- Ensure, with internal communication and Learning teams, that Group / Zone / Market Cybersecurity awareness initiatives are deployed everywhere and to all populations.
- Tailor communication and training plans to diverse internal audiences, ensuring relevance to specific roles and risk profiles.
- Enhance the cybersecurity e‑learning catalog, ensuring high‑quality, engaging, up‑to‑date content.
- Create and manage metrics that measure the overall effectiveness of the Cybersecurity awareness program.
- Consolidate and analyze global and local awareness data to provide a unified view of performance and identify continuous improvements.
We Are Looking For
Professional experience: Minimum 5 years in GRC (mainly awareness and/or Governance) within a consultancy firm or a Fortune 500 company.
Technical Skills
- Strong cybersecurity knowledge, preferably supported by a worldwide certification (CISSP, CISM, ISO 27001 LI/LA, etc.).
- Strong knowledge of governance frameworks (e.g., COSO or COBIT for IT governance).
- Good understanding of regulatory requirements such as GDPR, NIS2 and CRA.
- Knowledge of GRC platforms (e.g., ServiceNow) and Security Awareness tools.
Management Skills
- Ability to manage consultancy teams.
- Ability to communicate complex ideas effectively, in English and French, with international stakeholders.
Interpersonal Skills
- Willingness to learn and develop new hard and soft skills.
- Ability to navigate a fast‑moving environment.
- Strong analytical skills.
- Ability to lead workshops.
- Fluency in English is essential.
- Position based at St‑Ouen (93) with regular meetings within the Paris area and rare business trips abroad.
What's In It For You
A place to leave your comfort zone and grow beyond your potential. Real responsibility from day one, no sitting on the sidelines. An environment where people of every ethnicity, social background, age, religion, gender, sexual orientation, and people with disabilities are accepted, can speak up, thrive and are celebrated. A place where you can contribute to something bigger—many of our brands have societal and environmental causes to make a concrete difference.
Additional Information
- Contract Type: Full‑Time
- Location: Saint‑Ouen
- Partial remote work possible