Back to Jobs

vp, Risk And Data Security, Protection, And Resilience

ESTÉE LAUDER COMPANIES
New York, NY
The Estée Lauder Companies Inc. is one of the world's leading manufacturers, marketers, and sellers of quality skin care, makeup, fragrance, and hair care products, and is a steward of luxury and prestige brands globally. The company's products are sold in approximately 150 countries and territories under brand names including: Estée Lauder, Aramis, Clinique, Lab Series, Origins, M·A·C, La Mer, Bobbi Brown Cosmetics, Aveda, Jo Malone London, Bumble and bumble, Darphin Paris, TOM FORD, Smashbox, AERIN Beauty, Le Labo, Editions de Parfums Frédéric Malle, GLAMGLOW, KILIAN PARIS, Too Faced, Dr.Jart+, the DECIEM family of brands, including The Ordinary and NIOD, and BALMAIN Beauty. Description Who We Are Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world's most prestigious beauty, skincare, and luxury fragrance brands? Then join our Risk Management and Data Security team in Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). Our Risk Management and Data Protection team is responsible for identifying, assessing, and mitigating potential risks to the enterprise and our data. This small but important group actively governs these critical pillars of work, shapes our risk management strategies, finds mitigation strategies. They will lead three teams- (1) Strategic Risk Management and Reduction, (2) Supplier Security and Third Party Risk Management, and (3) Data Security including Data Protection and Classification, Data Resilience and Disaster Recovery, and Data Loss Prevention. Their teams will collaborate across security, technology and business functions and will help to directly fortify the organization against evolving risks. What You'll Do As the Vice President, Risk Management and Data Security, you will lead the company's approach to cybersecurity and technology risk management and securing our data in its various forms, in collaboration with data and analytics and data privacy. In this exciting new role, you will:
  • Lead and develop teams across technology risk, data protection, and security.
  • Establish governance forums for risk, security, and data protection decisions.
  • Partner with IT, Engineering, Legal, Compliance, and Product teams.
  • Translate technical and cyber risk into clear executive-level reporting.
  • Drive accountability without creating friction or unnecessary bureaucracy.
  • Drive consistent governance cadence with clear decision outcomes.
  • Have strong collaboration with technology and business leaders.
  • Maintain executive trust in risk and security reporting.
Risk Management and Reduction: This strategic function will not only oversee the traditional risk management and risk register functions, but design and oversee the modernization of a risk management function meant to resolve and remediate risk, not just track it. This is an expansion of the "second line of defense" ensuring risk is addressed in meaningful and prioritized ways. You will help enable innovation, finding the path forward for our technology innovation and help the organization stay at the cutting edge while keeping security risk to a minimum through technical and resolution-focused risk management. Our risk management function relies more on technical solutions and risk mitigation than most programs, to modernize risk management and create more impact by the function. You will seek to minimize overall security risk by identifying risks, monitoring requests through approval workflows, providing risk scoring, and presenting data to give a holistic view of the risk associated with risks identified at the company. Then be responsible for lead the effort to find and execute the solution until remediated. You must have strong technical and business acumen, understanding the details behind and making decisions or influencing based on risk. You must also lead the team in balancing the tradeoffs of having ultimate security and running the business. You must be able to navigate countering perspectives, setting priorities independently, and leading effectively to manage the expectations of our stakeholders and technical and business leadership. Data Protection and Security:
  • Define and own the enterprise data protection vision, roadmap, and operating model
  • Serve as the executive authority on data risk, data security, and data lifecycle management
  • Translate regulatory, legal, and business requirements into actionable data protection policies
  • Build and lead a high-performing global data protection organization
  • Define KPIs and dashboards for:
  • Data risk posture
  • Coverage of discovery and classification
  • DLP effectiveness
  • Remediation progress
  • Regularly brief executive leadership and the board on data protection risks and progress
Data Governance and Policy:
  • Establish and oversee enterprise data governance frameworks, including:
    • Data ownership and stewardship
    • Data lifecycle management
    • Data quality, retention, and disposition
  • Partner with business and technology leaders to embed governance into day-to-day operations
  • Ensure governance scales across cloud, hybrid, and multi-cloud environments
Data Classification and Discovery:
  • Own the enterprise data classification strategy, including:
    • Sensitive data identification (PII, PHI, PCI, IP, regulated data)
    • Labeling and tagging standards
  • Implement and mature automated data discovery tools across:
    • Endpoints
    • SaaS applications
    • Cloud storage
    • Data lakes and warehouse
  • Drive continuous discovery and remediation of exposed, misused, or over-retained data
Data Security and Data Loss Prevention:
  • Design and oversee data security controls across:
    • Data at rest, in transit, and in use
    • Structured and unstructured data
  • Lead enterprise DLP strategy and execution, including:
    • Endpoint, network, cloud, and SaaS DLP
    • Insider risk management
    • Exfiltration prevention
  • Partner with SOC and Security Operations on detection, response, and incident handling involving data exposure
Cloud and Data Lakes:
  • Define standards for secure data management in cloud platforms (AWS, Azure, GCP)
  • Ensure protection of data within:
    • Cloud storage (S3, Blob, GCS)
    • Container security
    • Data lakes
    • Analytics platforms and AI/ML pipelines
  • Implement controls for:
    • Encryption and key management
    • Access governance
    • Data segmentation and isolation
    • Cross-border data transfers
  • Address emerging risks related to AI training data and model output
Responsibilities
  • Leading the ECR team and its technology stakeholders to reduce the risk of technology to the company by identifying and evaluating technology and cyber risks as they are identified. Risks related to but not limited to:
    • Architecture, infrastructure, cloud, and applications
    • Identity and access management
    • Software development and DevSecOps
    • Vulnerability management, technical debt, and configuration drift
    • Third-party and supply chain technology risk
    • Data Lakes and the cloud
  • Overseeing risk assessments and data security and protection for:
    • New and emerging technologies and platforms
    • Cloud migrations and architecture changes
    • High-risk vendors and service providers
  • Defining risk appetite and tolerance in partnership with leadership, ongoing measurement and reporting on risk against thresholds
  • Maintain a technology and cyber risk register with clear ownership and mitigation plans.
  • Overseeing and redefining the risk identification and risk management processes
  • Responsible for reviewing risks through triage and evaluative score risk level and severity with a focus on defining a potential path for remediation
  • Collaborating to define appropriate solutions to mitigate or remediate the risk by partnering with key stakeholders in ECR, IT, and the business, which will require consensus building and managing disagreements
Responsibilities Contd
  • Enabling balanced risk decisions by providing recommendations to leadership, escalating based on severity and risk level to ensure appropriate cyber protection capabilities and resiliency are built into the plans.
  • Translating technical risk into business impact and likelihood.
  • Providing regular risk reporting to executive leadership.
  • Defining and execute the data protection strategy focused on risk reduction.
  • Establishing and enforcing:
    • Data classification and labeling
    • Data handling and retention standards
    • Access controls and least-privilege principles
    • In all areas of the business and in all technology platforms
  • Partnering with Privacy, Legal, and Compliance to ensure regulatory data protection requirements are met (e.g., GDPR, CCPA/CPRA, HIPAA, PCI DSS).
  • Overseeing and ensuring the design and implementation of:
    • Encryption at rest and in transit
    • Data Loss Prevention (DLP) capabilities
    • Monitoring of data access and movement throughout the enterprise
  • Partnering with Architecture and technology teams to ensure our Zero trust framework ensures data is protected at all times
  • Helping govern the response to data exposure and data breach incidents both internally as well as with third parties.
Technical Proficiency:
  • Cybersecurity Depth: Cybersecurity skills include exposure to multiple cybersecurity domains e.g. cybersecurity architecture, engineering, operations, IDAM.
  • Cyber attack framework: First-hand experience in cybersecurity attacks and controls and how one works against the other. Experience with industry cybersecurity best practices and domains, with a constant willingness to learn more. Understanding of the MITRE ATT&CK framework.
  • IT Proficiency: At least 2 years delivering in at least 1 domain of information technology such as networks, application development, and infrastructure. Basic SDLC knowledge to include engineering and deployment plans and review boards.
  • Risk Management: Experience with ServiceNow and eGRC tools and the Integrated Risk Modules within.
  • Data Governance, Loss Prevention and Insider Threat: Expertise in governing framework for DLP monitoring and configuration. Data discovery experience in
  • Problem-Solving and Proactivity: Ability to identify opportunities for improvement and assist in the implementation of solutions. Initiative and autonomy in supporting ECR's strategic and operational goals.
  • Collaborative Mindset: Strong teamwork and community-building skills with the ability to collaborate effectively with cross-functional teams and stakeholders at various levels of seniority.
  • Administrative skill: Exposure to foundational data analytics. Basic Excel skills. Basic PowerPoint and Power BI Reporting.
  • Communication Skills: Ability to communicate effectively with both technical and non-technical stakeholders.
  • Adaptability and Flexibility: Ability to work in a dynamic environment and adapt to changing priorities.
  • Attention to Detail: Strong organizational skills and attention to detail in data analysis and reporting.
Qualifications
  • Bachelor's degree in Computer Science or Cybersecurity related field - required
  • Post-graduate work or thesis in Risk Management - preferred
  • Minimum 15+ years relevant experience within Information or Cyber Security
  • 8+ years experience serving specifically in Cybersecurity leadership roles
  • Technical certification such as OSCP, CEH, CCSP, PenTest+, CISSP, SANS GIAC or equivalent to demonstrate technical proficiency - strongly preferred
  • Must have hands on experience delivering in security capabilities and the technologies powering a security stack, as well as first-hand knowledge of what it takes to engineer and deliver on IT and security technologies and controls
  • Must have experience in making security decisions, prioritization, and trade-offs based on risk
  • Experience delivering in at least two of the three lines of defense, demonstrating an understanding of what it's like to be in the audit or owner seat.
  • Previous business management experience preferred, demonstrating effective senior stakeholder engagement and influence capability
  • Demonstrated experience in analysis, data gathering, data collation and data interpretation
  • Strong working knowledge of security frameworks, policies and industry standards, appropriate and secure functionality of infrastructure and applications, and experience in assessing and mitigating technology risk
  • Strong understanding of and experience adhering to industry standards and frameworks such as NIST CSF, PCI, SOX, ISO/IEC 27001, NIST SP800, COBIT, ITIL, etc.
  • Ability to dive deeply into technical subject matter with IT and Security leadership and SMEs, influencing and leading change in the technical and process approaches in order to improve the security of the organization
  • Ability to effectively communicate technical topics in the business language in order to drive successful outcomes for the organizationDemonstration of leadership/management assignments, and prioritization of competing urgencies
  • Broad experience in team management with a global and virtual capability, demonstrating strong leadership, influence and motivational skills with a known good reputation in both skillset and relationships in the security industry.
  • Deep experience in building and leading teams, identifying and developing cybersecurity talent, and driving operational excellence and effectiveness across security architecture, engineering and operations
  • Track record in building and leading strong teams of thriving, motivated, skilled individuals
  • Ability to lead and influence solution development in a complex and challenging environment
  • Global experience that demonstrates effective engagement with a variety of stakeholders who have competing expectations and priorities
  • Professional English fluency and presentation skills required, with the expectation to deliver orally and in writing to executive level audiences
  • CISSP, CISM, CCSP, OCSP, or equivalent certification is preferred.
Pay Range: The anticipated base salary range for this position is $221,600.00 to $377,200.00 . Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program as well as participation in the share incentive plan. In addition, In addition to base salary, this position is eligible for participation in a highly competitive bonus program with the possibility for overachievement based on performance and company results. In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage (medical, dental, and vision insurance), wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others. Many of these benefits are subsidized or fully paid for by the company. Equal Opportunity Employer It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact [email protected]. Michigan Applicants: Persons with disabilities needing accommodations for employment must notify the company in writing of the need for an accommodation within 182 days after the date the person with a disability knew or reasonably should have known that an accommodation was needed. Philadelphia Applicants: Philadelphia's Fair Chance Hiring Law Rhode Island Applicants: The company is subject to chapters 29-38 of title 28 of the general laws of Rhode Island and is therefore covered by the state's workers' compensation law.
Posted 2026-05-18

Recommended Jobs

Prevailing Wage Porter - Lumen

Greystar
Long Island City, NY

ABOUT GREYSTAR Greystar is a leading, fully integrated global real estate platform offering expertise in property management, investment management, development, and construction services in ins…

View Details
Posted 2026-05-15

Physician- Psychiatrist

Rendr
Brooklyn, NY

Discover Better Health Careers with Rendr! Who We Are Rendr is the leading primary care focused, multi-specialty medical group dedicated to serving the Asian community in New York City. We striv…

View Details
Posted 2025-10-09

Junior Event Producer (Hybrid)

RTM Business Group
New York, NY

Junior Event Producer  RTM Business Group Hybrid in NY, NJ, CT or Remote in CA, FL, TX, PA, GA, OH, IN, SC Full-time 51-200 employees · Market Research Originally posted December 2025; t…

View Details
Posted 2026-01-14

Supervisor, Production

ITT
Seneca Falls, NY

About ITT: ITT is a leading manufacturer of critical components for harsh environments that serves fast-growing end markets in flow, aerospace and defense, energy and transportation. Building o…

View Details
Posted 2026-05-17

Field Service Technician (Labor) - Environmental

Clean Harbors
Syracuse, NY

Clean Harbors in Syracuse NY is seeking a Field Services Technician (Laborer-Hazmat) to join our safety conscious team. This role will be active in the field responsible for the performance of ta…

View Details
Posted 2026-05-14

Brand Ambassador

Valiant-Management
New Hyde Park, NY

Our company is looking for a Brand Ambassador to help implement our tried and true brand marketing strategies. Brand Marketing Advocate responsibilities include defining brand identity, building rapp…

View Details
Posted 2026-02-18

Junior-Mid Level Designer

New York, NY

About Us YJM Apparel Group Inc. is a growing apparel company dedicated to delivering innovative, high-quality designs that inspire and connect with our customers. We’re looking for a passionate and…

View Details
Posted 2026-04-21

Italian Speaking Customer Service Agent located in Greece - Full Paid Relocation

Patrique Mercier Recruitment Jp
Malta, NY

Step into an exciting career with Patrique Mercier Recruitment JP as an Italian Speaking Customer Service Agent, located in beautiful Greece! This role offers a fully paid relocation package, enablin…

View Details
Posted 2026-04-25

Travel Registered Nurse Electrophysiology Job

Rochester, NY

Job Overview TLC Nursing Associates, Inc. is seeking an RN Electrophysiology (EP) for travel assignments in specialized cardiac care settings. The RN Electrophysiology will assist in diagnosi…

View Details
Posted 2026-02-18

Head of Public Policy

Braven
New York, NY

Job Title : Head of Public Policy  Team : External Affairs Location : In-person. Preferred locations: Washington( DC). Additional locations: Chicago (IL), Atlanta (GA), New York City (NY),…

View Details
Posted 2026-04-23