Reporting to the Travel Retail APAC CIO and Travel Retail CISO (based in Paris), your main responsibility will be to animate all cybersecurity topics for L'Oréal Travel Retail APAC. The position demands a strong cybersecurity foundation in governance, risk and compliance combined with exceptional collaboration skills to effectively align security priorities with IT and business teams, utilizing a risk-based approach.

Governance:

• Lead the implementation of Travel Retail Cyber Security roadmap for APAC but also contribute or animate cybersecurity topics in Travel Retail central teams or affiliates.
• Convey the L’Oréal Group Cybersecurity framework and adapt it when required.
• Animate regular meetings and presentations with TR APAC business and IT domain managers.
• Ensure strong security collaboration within all Travel Retail teams as well as NA-SAPMENA zone Cybersecurity teams.

Risk Management / Security in Project:

• Identify, estimate, evaluate Cybersecurity risks of your perimeter and ensure proper mitigation actions are in place.
• Support IT and business teams and especially project and domain managers on all aspects of cybersecurity.
• Review security of Third Parties and ensure proper cybersecurity requirements are included in contracts.

Compliance / Action plan follow-up.

• Ensure compliance with country regulations and / or laws in your scope.
• Enforce and control the correct application of the Group's Cybersecurity policies and standards.
• Follow, animate and report on security KPI’s / KRI’s.
• Ensure all assets and services on your perimeter are secured and compliant.
• Ensure misconfigurations, vulnerabilities, audit & pen test findings or any other security weaknesses are remediated in due time.

Cybersecurity Awareness / Culture:

• Ensure, in partnership with internal communication, that Group & Travel Retail Cybersecurity awareness initiatives are properly deployed on your perimeter.
• Educate IT and business teams on Cybersecurity good practices. 
• Present Cybersecurity topics to large audience and Management committee.

Requirements

• Master’s degree in Computer Science, Information Security/Data Systems Management or a related field or discipline 
  
• A minimum of 3 years of experience in Cybersecurity is required.
• Good overall IT & cybersecurity knowledge such as computing systems, network technologies, security technologies, systems integration.
• Excellent interpersonal skills, as well as an ability to interface efficiently with employees, senior leadership, and external partners, clients, and customers.
• Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization.
• A previous experience as IT project manager or information security manager is preferred.