Prevention & Remediation Manager

Luxottica

We are EssilorLuxottica, a global leader in the design, manufacture and distribution of ophthalmic lenses, frames and sunglasses. The Company brings together the complementary expertise of two industry pioneers, one in advanced lens technologies and the other in the craftsmanship of iconic eyewear, to create a vertically integrated business that is uniquely positioned to address the world’s evolving vision needs and the global demand of a growing eyewear industry. With over 180,000 dedicated employees in 150 countries driving our iconic brands, our people are creative, entrepreneurial and celebrated for their unique perspectives and individuality. Committed to vision, we enable people to “see more and be more” thanks to our innovative designs and lens technologies, exceptional quality and cutting-edge processing methods. Every day we impact the lives of millions by changing the way people see the world.

JOB SCOPE AND MAIN RESPONSIBILITIES:

- Single point of contact for leadership for all cyber breaches
- Guidance from top leadership can be implemented across all breaches
- Act as primary information source for Internal Audit, Internal Controls and other shared functions
- Creates uniformity and consistency with response protocols for all cyber breaches
- Decreases risk of inconsistent remediation efforts
- Implementation of systematic response protocols
- Ensures root cause is identified for all cyber breaches and accountability is assigned
- Strengthens the overall security infrastructure by eliminating known risks that caused previous breaches – also reduces risk of further breaches
- Saves time and resources by reducing duplicative work by others across all pending cyber breaches, e.g., one person handling budget approvals, updates to leadership, strategy implementation, root cause determination, etc.
- Builds regulatory confidence – having a dedicated position shows that we take these matters seriously, which may reduce risk/amount of fine
- Creates confidence with leadership that all cyber breaches are being managed in a consistent, effective and cost-efficient way
- Reporting – Ensure reporting towards EssilorLuxottica management

AREAS OF RESPONSIBILITIES AND RELATED ACTIVITIES:

- Participate in and support all cyber breaches
- Creates and oversees project team made up of point people from each impacted department/function: Legal, Privacy/Compliance, Insurance, Information Security, Communications, Finance and Impacted Business Unit
- Assigns breach response and remediation responsibilities for all departments
- Assists with all vendor engagements
- Budget oversight for all vendor engagements to ensure spend does not exceed approval amounts
- Investigates and analyzes root causes for all cyber breaches
- Assigns responsibility and makes recommendations to top leadership regarding root cause remediation – e.g., employee, system or vendor root cause remediation action steps
- Primary point of contact to top leadership regarding all cyber breaches
- Assists with all regulatory investigations
- Works with Internal Audit and Internal Controls to ensure go-forward monitoring of identified/remediated security gaps

NETWORK OF INTERACTION:

INTERNAL: You will mainly join the Information Security Team and will be asked to interact with IT and Business stakeholders within the Company across its geographies (e.g. EMEA, US, LATAM, China, Australia, etc.)

EXTERNAL: You will be asked to interact with Suppliers as well as Business Partners.

TECHNICAL SKILLS – PORTRAIT OF A PERFECT CANDIDATE:

- Bachelor’s degree in Information Security, Information Technology, Computer Science, Engineering, or similar is a plus
- Professional information security certifications (such as CISM, CISA, CSA, ISO27001, COBIT, ITIL, etc.) are a plus
- Proven effective cybersecurity and IS management skills
- Demonstrated skills in implementing security improvement programs, including executing technical assessments, identifying and implementing missing controls and/or remediation
- Knowledge of international standards and best practices in the area of Information Security and Data Protection (e.g. ISO 27001, NIST 800-53, etc.)
- Knowledge of most relevant information security and IT topics such as asset inventory and classification, IT Operations, network security, identity and access management, secure asset disposal, etc. (on both cloud and on-premise environments)
- Knowledge of key relevant Information Security / Data Protection regulations and standards (e.g. GDPR, HIPAA, PCI DSS)
- Excellent project management skills, teamwork and individual accountability
- Proven ability to communicate to all levels in a technical and non-technical manner

To apply for this job, visit www.adzuna.it.
