Back to Jobs

vp, Risk And Data Security, Protection, And Resilience

ESTÉE LAUDER COMPANIES
New York, NY
The Estée Lauder Companies Inc. is one of the world's leading manufacturers, marketers, and sellers of quality skin care, makeup, fragrance, and hair care products, and is a steward of luxury and prestige brands globally. The company's products are sold in approximately 150 countries and territories under brand names including: Estée Lauder, Aramis, Clinique, Lab Series, Origins, M·A·C, La Mer, Bobbi Brown Cosmetics, Aveda, Jo Malone London, Bumble and bumble, Darphin Paris, TOM FORD, Smashbox, AERIN Beauty, Le Labo, Editions de Parfums Frédéric Malle, GLAMGLOW, KILIAN PARIS, Too Faced, Dr.Jart+, the DECIEM family of brands, including The Ordinary and NIOD, and BALMAIN Beauty. Description Who We Are Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world's most prestigious beauty, skincare, and luxury fragrance brands? Then join our Risk Management and Data Security team in Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). Our Risk Management and Data Protection team is responsible for identifying, assessing, and mitigating potential risks to the enterprise and our data. This small but important group actively governs these critical pillars of work, shapes our risk management strategies, finds mitigation strategies. They will lead three teams- (1) Strategic Risk Management and Reduction, (2) Supplier Security and Third Party Risk Management, and (3) Data Security including Data Protection and Classification, Data Resilience and Disaster Recovery, and Data Loss Prevention. Their teams will collaborate across security, technology and business functions and will help to directly fortify the organization against evolving risks. What You'll Do As the Vice President, Risk Management and Data Security, you will lead the company's approach to cybersecurity and technology risk management and securing our data in its various forms, in collaboration with data and analytics and data privacy. In this exciting new role, you will:
  • Lead and develop teams across technology risk, data protection, and security.
  • Establish governance forums for risk, security, and data protection decisions.
  • Partner with IT, Engineering, Legal, Compliance, and Product teams.
  • Translate technical and cyber risk into clear executive-level reporting.
  • Drive accountability without creating friction or unnecessary bureaucracy.
  • Drive consistent governance cadence with clear decision outcomes.
  • Have strong collaboration with technology and business leaders.
  • Maintain executive trust in risk and security reporting.
Risk Management and Reduction: This strategic function will not only oversee the traditional risk management and risk register functions, but design and oversee the modernization of a risk management function meant to resolve and remediate risk, not just track it. This is an expansion of the "second line of defense" ensuring risk is addressed in meaningful and prioritized ways. You will help enable innovation, finding the path forward for our technology innovation and help the organization stay at the cutting edge while keeping security risk to a minimum through technical and resolution-focused risk management. Our risk management function relies more on technical solutions and risk mitigation than most programs, to modernize risk management and create more impact by the function. You will seek to minimize overall security risk by identifying risks, monitoring requests through approval workflows, providing risk scoring, and presenting data to give a holistic view of the risk associated with risks identified at the company. Then be responsible for lead the effort to find and execute the solution until remediated. You must have strong technical and business acumen, understanding the details behind and making decisions or influencing based on risk. You must also lead the team in balancing the tradeoffs of having ultimate security and running the business. You must be able to navigate countering perspectives, setting priorities independently, and leading effectively to manage the expectations of our stakeholders and technical and business leadership. Data Protection and Security:
  • Define and own the enterprise data protection vision, roadmap, and operating model
  • Serve as the executive authority on data risk, data security, and data lifecycle management
  • Translate regulatory, legal, and business requirements into actionable data protection policies
  • Build and lead a high-performing global data protection organization
  • Define KPIs and dashboards for:
  • Data risk posture
  • Coverage of discovery and classification
  • DLP effectiveness
  • Remediation progress
  • Regularly brief executive leadership and the board on data protection risks and progress
Data Governance and Policy:
  • Establish and oversee enterprise data governance frameworks, including:
    • Data ownership and stewardship
    • Data lifecycle management
    • Data quality, retention, and disposition
  • Partner with business and technology leaders to embed governance into day-to-day operations
  • Ensure governance scales across cloud, hybrid, and multi-cloud environments
Data Classification and Discovery:
  • Own the enterprise data classification strategy, including:
    • Sensitive data identification (PII, PHI, PCI, IP, regulated data)
    • Labeling and tagging standards
  • Implement and mature automated data discovery tools across:
    • Endpoints
    • SaaS applications
    • Cloud storage
    • Data lakes and warehouse
  • Drive continuous discovery and remediation of exposed, misused, or over-retained data
Data Security and Data Loss Prevention:
  • Design and oversee data security controls across:
    • Data at rest, in transit, and in use
    • Structured and unstructured data
  • Lead enterprise DLP strategy and execution, including:
    • Endpoint, network, cloud, and SaaS DLP
    • Insider risk management
    • Exfiltration prevention
  • Partner with SOC and Security Operations on detection, response, and incident handling involving data exposure
Cloud and Data Lakes:
  • Define standards for secure data management in cloud platforms (AWS, Azure, GCP)
  • Ensure protection of data within:
    • Cloud storage (S3, Blob, GCS)
    • Container security
    • Data lakes
    • Analytics platforms and AI/ML pipelines
  • Implement controls for:
    • Encryption and key management
    • Access governance
    • Data segmentation and isolation
    • Cross-border data transfers
  • Address emerging risks related to AI training data and model output
Responsibilities
  • Leading the ECR team and its technology stakeholders to reduce the risk of technology to the company by identifying and evaluating technology and cyber risks as they are identified. Risks related to but not limited to:
    • Architecture, infrastructure, cloud, and applications
    • Identity and access management
    • Software development and DevSecOps
    • Vulnerability management, technical debt, and configuration drift
    • Third-party and supply chain technology risk
    • Data Lakes and the cloud
  • Overseeing risk assessments and data security and protection for:
    • New and emerging technologies and platforms
    • Cloud migrations and architecture changes
    • High-risk vendors and service providers
  • Defining risk appetite and tolerance in partnership with leadership, ongoing measurement and reporting on risk against thresholds
  • Maintain a technology and cyber risk register with clear ownership and mitigation plans.
  • Overseeing and redefining the risk identification and risk management processes
  • Responsible for reviewing risks through triage and evaluative score risk level and severity with a focus on defining a potential path for remediation
  • Collaborating to define appropriate solutions to mitigate or remediate the risk by partnering with key stakeholders in ECR, IT, and the business, which will require consensus building and managing disagreements
Responsibilities Contd
  • Enabling balanced risk decisions by providing recommendations to leadership, escalating based on severity and risk level to ensure appropriate cyber protection capabilities and resiliency are built into the plans.
  • Translating technical risk into business impact and likelihood.
  • Providing regular risk reporting to executive leadership.
  • Defining and execute the data protection strategy focused on risk reduction.
  • Establishing and enforcing:
    • Data classification and labeling
    • Data handling and retention standards
    • Access controls and least-privilege principles
    • In all areas of the business and in all technology platforms
  • Partnering with Privacy, Legal, and Compliance to ensure regulatory data protection requirements are met (e.g., GDPR, CCPA/CPRA, HIPAA, PCI DSS).
  • Overseeing and ensuring the design and implementation of:
    • Encryption at rest and in transit
    • Data Loss Prevention (DLP) capabilities
    • Monitoring of data access and movement throughout the enterprise
  • Partnering with Architecture and technology teams to ensure our Zero trust framework ensures data is protected at all times
  • Helping govern the response to data exposure and data breach incidents both internally as well as with third parties.
Technical Proficiency:
  • Cybersecurity Depth: Cybersecurity skills include exposure to multiple cybersecurity domains e.g. cybersecurity architecture, engineering, operations, IDAM.
  • Cyber attack framework: First-hand experience in cybersecurity attacks and controls and how one works against the other. Experience with industry cybersecurity best practices and domains, with a constant willingness to learn more. Understanding of the MITRE ATT&CK framework.
  • IT Proficiency: At least 2 years delivering in at least 1 domain of information technology such as networks, application development, and infrastructure. Basic SDLC knowledge to include engineering and deployment plans and review boards.
  • Risk Management: Experience with ServiceNow and eGRC tools and the Integrated Risk Modules within.
  • Data Governance, Loss Prevention and Insider Threat: Expertise in governing framework for DLP monitoring and configuration. Data discovery experience in
  • Problem-Solving and Proactivity: Ability to identify opportunities for improvement and assist in the implementation of solutions. Initiative and autonomy in supporting ECR's strategic and operational goals.
  • Collaborative Mindset: Strong teamwork and community-building skills with the ability to collaborate effectively with cross-functional teams and stakeholders at various levels of seniority.
  • Administrative skill: Exposure to foundational data analytics. Basic Excel skills. Basic PowerPoint and Power BI Reporting.
  • Communication Skills: Ability to communicate effectively with both technical and non-technical stakeholders.
  • Adaptability and Flexibility: Ability to work in a dynamic environment and adapt to changing priorities.
  • Attention to Detail: Strong organizational skills and attention to detail in data analysis and reporting.
Qualifications
  • Bachelor's degree in Computer Science or Cybersecurity related field - required
  • Post-graduate work or thesis in Risk Management - preferred
  • Minimum 15+ years relevant experience within Information or Cyber Security
  • 8+ years experience serving specifically in Cybersecurity leadership roles
  • Technical certification such as OSCP, CEH, CCSP, PenTest+, CISSP, SANS GIAC or equivalent to demonstrate technical proficiency - strongly preferred
  • Must have hands on experience delivering in security capabilities and the technologies powering a security stack, as well as first-hand knowledge of what it takes to engineer and deliver on IT and security technologies and controls
  • Must have experience in making security decisions, prioritization, and trade-offs based on risk
  • Experience delivering in at least two of the three lines of defense, demonstrating an understanding of what it's like to be in the audit or owner seat.
  • Previous business management experience preferred, demonstrating effective senior stakeholder engagement and influence capability
  • Demonstrated experience in analysis, data gathering, data collation and data interpretation
  • Strong working knowledge of security frameworks, policies and industry standards, appropriate and secure functionality of infrastructure and applications, and experience in assessing and mitigating technology risk
  • Strong understanding of and experience adhering to industry standards and frameworks such as NIST CSF, PCI, SOX, ISO/IEC 27001, NIST SP800, COBIT, ITIL, etc.
  • Ability to dive deeply into technical subject matter with IT and Security leadership and SMEs, influencing and leading change in the technical and process approaches in order to improve the security of the organization
  • Ability to effectively communicate technical topics in the business language in order to drive successful outcomes for the organizationDemonstration of leadership/management assignments, and prioritization of competing urgencies
  • Broad experience in team management with a global and virtual capability, demonstrating strong leadership, influence and motivational skills with a known good reputation in both skillset and relationships in the security industry.
  • Deep experience in building and leading teams, identifying and developing cybersecurity talent, and driving operational excellence and effectiveness across security architecture, engineering and operations
  • Track record in building and leading strong teams of thriving, motivated, skilled individuals
  • Ability to lead and influence solution development in a complex and challenging environment
  • Global experience that demonstrates effective engagement with a variety of stakeholders who have competing expectations and priorities
  • Professional English fluency and presentation skills required, with the expectation to deliver orally and in writing to executive level audiences
  • CISSP, CISM, CCSP, OCSP, or equivalent certification is preferred.
Pay Range: The anticipated base salary range for this position is $221,600.00 to $377,200.00 . Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program as well as participation in the share incentive plan. In addition, In addition to base salary, this position is eligible for participation in a highly competitive bonus program with the possibility for overachievement based on performance and company results. In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage (medical, dental, and vision insurance), wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others. Many of these benefits are subsidized or fully paid for by the company. Equal Opportunity Employer It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact [email protected]. Michigan Applicants: Persons with disabilities needing accommodations for employment must notify the company in writing of the need for an accommodation within 182 days after the date the person with a disability knew or reasonably should have known that an accommodation was needed. Philadelphia Applicants: Philadelphia's Fair Chance Hiring Law Rhode Island Applicants: The company is subject to chapters 29-38 of title 28 of the general laws of Rhode Island and is therefore covered by the state's workers' compensation law.
Posted 2026-04-18

Recommended Jobs

Staff Attorney - Civil Rights Unit

Prisoners' Legal Services of New York
Newburgh, NY

Prisoners’ Legal Services of New York (PLS) is seeking applicants for a Staff Attorney position in its Civil Rights Unit. This position will be based in PLS’s Newburgh NY office. About PLS PLS…

View Details
Posted 2026-04-18

Military DoD SkillBridge Program - Advanced Lead Engineer - Electrical Engineering

GE Renewable Energy Power and Aviation
Bohemia, NY

Job Description Summary The Military DoD SkillBridge program is an opportunity for Service members to gain valuable civilian work experience through specific industry training, apprenticeships, or…

View Details
Posted 2026-02-10

Offer: Utility Worker

Poughkeepsie, NY

Utility Worker Benefits : »Competitive compensation »Medical, Dental, and Vision insurance » 401(k) Retirement Savings Plan with substantial company match »Life and Trav…

View Details
Posted 2026-01-31

Field Underwriter (Remote)

Spieldenner Financial Group
Utica, NY

We are a fast-growing financial services organization focused on helping families protect what matters most. We prioritize fast pay, low startup costs, and hands-on training, so you can focus on…

View Details
Posted 2026-03-30

Search and Marketplaces Media Manager

Nood
New York, NY

About Nood Nood is building the next generation of beauty-tech: powerful at-home devices and high-performance skincare that actually deliver. We sit at the intersection of beauty, technology, and …

View Details
Posted 2026-02-24

Paralegal

Children's Law Center
New York State

About the Organization The Children's Law Center (CLC) is a non-profit legal services organization that represents children in custody, visitation, guardianship, paternity, family offense, and rel…

View Details
Posted 2026-03-24

Principal Data Scientist - Product

gusto
New York, NY

About Gusto At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff—like payroll, health insurance, 401(k)s, and HR—so owners can focus on their craft and custo…

View Details
Posted 2025-10-24

Solution Engineer

Ottimate
New York, NY

Location : Candidates must be based in the NYC Travel : The job involves 25% travel Ottimate is an AI-powered AP [Accounts Payable] automation platform that empowers finance teams to reduce c…

View Details
Posted 2026-04-10

Financial Services Tax - Real Estate Manager

PwC
New York, NY

Specialty/Competency: Industry Tax Practice Industry/Sector: Asset and Wealth Management Time Type: Full time Travel Requirements: Up to 20% A career in our Financial Services Tax prac…

View Details
Posted 2026-03-24

Associate Client Advocate

WTW
New York, NY

Description The Role This position is a client-facing role responsible for directly supporting Commercial Property and Casualty Insurance client relationship management efforts and coordinating a…

View Details
Posted 2026-04-18