Permanent
Shanghai, Shanghai Shi
Tech
Full-time
01-Sep-2025

We're not just building brands at L’Oréal, we're shaping how the world experiences beauty (and it takes a lot of cool jobs to do it).

 

Intrigued? Keep reading, this might be the opportunity you've been searching for.

 

Key Responsibilities 

As a Cybersecurity Risk Assistant Manager, reporting to the North Asia & SAPMENA GRC Lead, you will be crucial in safeguarding L'Oréal's information assets and ensuring compliance with cybersecurity regulations. This role offers a unique opportunity to contribute to a global organization committed to innovation and excellence.

 

  1. Payment Card Industry Data Security Standard (PCI DSS) program implementation
  • Drive the implementation and maintenance of PCI DSS compliance end-to-end.
  • Develop and maintain documentation related to PCI DSS controls, policies, and procedures.
  • Collaborate across functions to ensure alignment on PCI DSS compliance efforts.
  • Manage and track remediation efforts for any identified gaps or vulnerabilities.
  • Develop and implement risk mitigation strategies to address identified risks.
  • Provide training and awareness programs to employees on PCI DSS requirements and their responsibilities.
  • Monitor and report on PCI DSS compliance status to the relevant stakeholders and management.

 

  2. Security Awareness

  • Drive and support the development, implementation, and continuous improvement of the security awareness program.
  • Work with the global counterpart to manage and adapt the awareness training materials for local market usage.
  • Conceptualise and prepare for execution of the security awareness program, e.g. awareness events, seminars, webinars, etc.
  • Develop relevant awareness content based on evolving and up-to-date cybersecurity threats, vulnerabilities or incidents.
  • Collaborate with cross-functional teams to promote cybersecurity awareness and best practices.

  3. Risk Assessment and Management:

Support the GRC Lead in risk management activities:

    • Identify and assess cybersecurity risks across the organization.
    • Develop and implement risk mitigation strategies and controls.
    • Monitor and report on the effectiveness of risk management efforts including establishing key risk indicators (KRI) and key control indicators (KCI) for tracking. 
    • Maintain a risk register to reflect the organisation’s cybersecurity risk profile 
    • Track the progress of risk remediation and ensure timely completion. 
    • Incorporate threat intelligence and vulnerability scanning data into risk assessments.
  4. Compliance and Governance:
    • Work with various stakeholders to ensure compliance with relevant cybersecurity regulations and standards.
    • Maintain cybersecurity policies, procedures, and guidelines.


We Are Looking For:

 

We are looking for a driven and knowledgeable Cybersecurity Risk Manager who is dedicated to safeguarding information assets and ensuring compliance, and who has a strong aptitude for learning in the ever-evolving field of cybersecurity. The candidate will have a solid grasp of cybersecurity principles, risk management strategies, and regulatory standards.

 

Required:

  • Experience in working with PCI DSS program
  • Excellent communication and stakeholder management skills
  • Excellent critical thinking and problem-solving skills.
  • 3 to 5 years of experience in cybersecurity field

 

Preferred:

  • Bachelor's degree in Information Systems or a related field.
  • Strong understanding of cybersecurity threats, vulnerabilities, and risks. 
  • Strong knowledge of cybersecurity techniques and technologies.
  • Relevant certifications (e.g. CISSP, CISM, CRISC) 
  • Knowledge of industry standards and regulatory requirements (e.g. NIST, ISO 27001, GDPR), especially PCI DSS

What’s In It for You

 

  • A place to leave your comfort zone and grow beyond your potential (here, you’ll be encouraged to try new things and take risks!)
  • Real responsibility from day 1; there’s no sitting on the sidelines at L’Oréal.
  • A place where you can contribute to something bigger! Many of our brands have societal/environmental causes to make a concrete difference.

 

Who We Are

 

L’Oréal is present in 150 markets on five continents. For more than a century, L’Oréal has devoted itself solely to ‘Creating beauty that moves the world’; it is now the industry leader with €42 billion in consolidated sales. Together, we solve complex challenges at scale while staying committed to making the world a more inclusive and better place for everyone and our planet.

 

Today, L’Oréal includes over 9k experts in beauty tech, digital, data and e-commerce and is constantly growing. Championing Beauty Tech, we invent the beauty of the future while becoming the company of the future.

 

To achieve this ambition, L’Oréal continues recruiting diverse, innovative, skilled, and passionate minds in tech domains such as Data, Digital, Cloud, Cyber Security, IT Architecture, DevOps, Applications, and Infrastructure.

 

We’re committed to guaranteeing inclusive recruitment processes and to advocating for hiring and promoting each candidate in an ethical and equitable way. The Group strictly prohibits discrimination against any applicant for employment because of the individual’s gender identity or expression, sexual orientation, visible and/or invisible disabilities, socio-economic and/or multicultural origins, health conditions, age, religion, or any other characteristics protected by law.

  • You can apply to a maximum of three job offers within a 30-day period.
  • You cannot withdraw your application once it has been submitted, so make sure you choose the position that best fits your skills and aspirations.
  • Visit the “Tu espacio de candidatura” section to see the offers you have already applied to.
  • Please refrain from creating additional accounts with different email addresses, as your accounts are likely to be merged and your ongoing applications lost.