Global Cybersecurity Governance and Awareness Lead

Overview

WANT TO KNOW MORE ABOUT OUR BIG TECH TRANSFORMATION? L’Oréal is present in 130 countries on five continents. For more than a century, L’Oréal has devoted itself solely to one business: beauty; it is now the industry world leader with €42 billion consolidated sales. Today, L’Oréal includes more than 2000 tech positions and it’s constantly growing. Especially with our ambition to become the #1 BeautyTech company , meaning inventing the beauty of the future while becoming the company of the future. BeautyTech will equip the Group with the key assets it needs to conquer this new world, where Tech has become strategic.

To achieve this ambition, L’Oréal needs to continue recruiting diverse , innovative, skilled and passionate minds in different tech domains such as Data, Digital, Cloud, Cyber Security, IT Architecture, DevOps, Applications and Infrastructure.

Main Role

A Day In The Life Reporting to the Head of Governance, Risk & Compliance you will be in charge of organizing the Cybersecurity Governance and Awareness at Global level.

Responsibilities

• The execution of all Governance and Awareness related projects.
• Managing the cybersecurity awareness & education program.
• Definition and maintenance of L’Oréal Group Cybersecurity Framework and communication on those requirements.

This is a leadership role that requires an individual with a strong knowledge in GRC, able to communicate to leadership positions as well as the ability to work with different teams across the world with different cultures to align Cybersecurity priorities with key IT and Business objectives following a risk-based approach.

Main Missions

• Governance :
  • Design and maintain the Cybersecurity Framework (policies, standards, and guidelines) to ensure it remains up to date with the evolving threat landscape and L\'Oréal needs.
  • Ensure applicability of the framework by ensuring that policies are realistic, technically feasible, and tailored to the operational constraints.
  • Ensure the cybersecurity framework remains fully aligned with operational security activities and other cross-functional workstreams.
  • Work with compliance team to design and implement the effective deployment strategy of security policies within Zones and Platforms.
  • Assist cybersecurity managers in understanding and implementing the framework requirements within their specific contexts.
  • Provide guidance and support in tracking the resolution of non-compliance issues or audit findings, ensuring long-term improvement.
  • Ensure Cybersecurity Framework is well known and understood by the team.
  • Report KPI.
• Awareness Program :
  • Identify and evaluate top Human risks to the organization and behaviors to strengthen the organization’s security culture and mitigate these risks.
  • Design, deploy, and maintain a comprehensive global security awareness program that ensures regulatory compliance and addresses identified human risks.
  • Ensure, in partnership with internal communication and Learning team, that Group / Zone / Market Cybersecurity awareness initiatives are properly deployed everywhere and to all populations.
  • Tailor communication and training plans to diverse internal audiences, ensuring content is relevant to specific roles and risk profiles.
  • Enhance the cybersecurity e-learning catalog, ensuring high-quality, engaging, and up-to-date content.
  • Create and manage metrics that effectively measure the overall effectiveness of the Cybersecurity awareness program.
  • Consolidate and analyze global and local awareness data to provide a unified view of performance and identify areas for continuous improvement.

We Are Looking For

• Professional experience : You have a successful experience of at least 5 years in GRC (mainly awareness and/ or Governance activities) within a consultancy firm or a Fortune 500 company.
• Technical Skills :
  • Strong Cybersecurity knowledge, preferably supported by a worldwide certification in the field (CISSP, CISM, ISO 27001 LI/LA…).
  • Strong knowledge of governance frameworks (e.g., COSO, or COBIT for IT governance).
  • Good understanding of regulatory requirements like GDPR, NIS2 and CRA.
  • Knowledge of GRC platforms (e.g., ServiceNow) and Security Awareness tools.
• Management Skills :
  • Ability to manage consultancy teams.
  • Ability to communicate complex ideas effectively, in English and French, with international stakeholders and with Cybersecurity stakeholders within the Group.
• Interpersonal Skills :
  • Willingness to learn and develop new hard and soft skills.
  • Ability to navigate within a fast-moving environment.
  • Strong analytical skills.
  • Ability to lead workshops.
  • Fluency in English is essential.
  • Position based at St-Ouen (93) with regular meetings within Paris area and rare business trip abroad.

What’s In It For You

A place for you to leave your comfort zone and grow beyond your potential (here, you’ll be encouraged to try new things and take risks!).

Real responsibility from day 1, there’s no sitting on the sidelines at L’Oréal.

An environment where people of every ethnicity, social background, age, religion, gender and sexual orientation as well as people with disabilities are accepted, can speak up, will thrive and are celebrated!

A place where you can contribute to something bigger! Many of our brands have societal /environmental causes to make concrete difference.