Back to Jobs

vp, Risk And Data Security, Protection, And Resilience

ESTÉE LAUDER COMPANIES
New York, NY
The Estée Lauder Companies Inc. is one of the world's leading manufacturers, marketers, and sellers of quality skin care, makeup, fragrance, and hair care products, and is a steward of luxury and prestige brands globally. The company's products are sold in approximately 150 countries and territories under brand names including: Estée Lauder, Aramis, Clinique, Lab Series, Origins, M·A·C, La Mer, Bobbi Brown Cosmetics, Aveda, Jo Malone London, Bumble and bumble, Darphin Paris, TOM FORD, Smashbox, AERIN Beauty, Le Labo, Editions de Parfums Frédéric Malle, GLAMGLOW, KILIAN PARIS, Too Faced, Dr.Jart+, the DECIEM family of brands, including The Ordinary and NIOD, and BALMAIN Beauty. Description Who We Are Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world's most prestigious beauty, skincare, and luxury fragrance brands? Then join our Risk Management and Data Security team in Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). Our Risk Management and Data Protection team is responsible for identifying, assessing, and mitigating potential risks to the enterprise and our data. This small but important group actively governs these critical pillars of work, shapes our risk management strategies, finds mitigation strategies. They will lead three teams- (1) Strategic Risk Management and Reduction, (2) Supplier Security and Third Party Risk Management, and (3) Data Security including Data Protection and Classification, Data Resilience and Disaster Recovery, and Data Loss Prevention. Their teams will collaborate across security, technology and business functions and will help to directly fortify the organization against evolving risks. What You'll Do As the Vice President, Risk Management and Data Security, you will lead the company's approach to cybersecurity and technology risk management and securing our data in its various forms, in collaboration with data and analytics and data privacy. In this exciting new role, you will:
  • Lead and develop teams across technology risk, data protection, and security.
  • Establish governance forums for risk, security, and data protection decisions.
  • Partner with IT, Engineering, Legal, Compliance, and Product teams.
  • Translate technical and cyber risk into clear executive-level reporting.
  • Drive accountability without creating friction or unnecessary bureaucracy.
  • Drive consistent governance cadence with clear decision outcomes.
  • Have strong collaboration with technology and business leaders.
  • Maintain executive trust in risk and security reporting.
Risk Management and Reduction: This strategic function will not only oversee the traditional risk management and risk register functions, but design and oversee the modernization of a risk management function meant to resolve and remediate risk, not just track it. This is an expansion of the "second line of defense" ensuring risk is addressed in meaningful and prioritized ways. You will help enable innovation, finding the path forward for our technology innovation and help the organization stay at the cutting edge while keeping security risk to a minimum through technical and resolution-focused risk management. Our risk management function relies more on technical solutions and risk mitigation than most programs, to modernize risk management and create more impact by the function. You will seek to minimize overall security risk by identifying risks, monitoring requests through approval workflows, providing risk scoring, and presenting data to give a holistic view of the risk associated with risks identified at the company. Then be responsible for lead the effort to find and execute the solution until remediated. You must have strong technical and business acumen, understanding the details behind and making decisions or influencing based on risk. You must also lead the team in balancing the tradeoffs of having ultimate security and running the business. You must be able to navigate countering perspectives, setting priorities independently, and leading effectively to manage the expectations of our stakeholders and technical and business leadership. Data Protection and Security:
  • Define and own the enterprise data protection vision, roadmap, and operating model
  • Serve as the executive authority on data risk, data security, and data lifecycle management
  • Translate regulatory, legal, and business requirements into actionable data protection policies
  • Build and lead a high-performing global data protection organization
  • Define KPIs and dashboards for:
  • Data risk posture
  • Coverage of discovery and classification
  • DLP effectiveness
  • Remediation progress
  • Regularly brief executive leadership and the board on data protection risks and progress
Data Governance and Policy:
  • Establish and oversee enterprise data governance frameworks, including:
    • Data ownership and stewardship
    • Data lifecycle management
    • Data quality, retention, and disposition
  • Partner with business and technology leaders to embed governance into day-to-day operations
  • Ensure governance scales across cloud, hybrid, and multi-cloud environments
Data Classification and Discovery:
  • Own the enterprise data classification strategy, including:
    • Sensitive data identification (PII, PHI, PCI, IP, regulated data)
    • Labeling and tagging standards
  • Implement and mature automated data discovery tools across:
    • Endpoints
    • SaaS applications
    • Cloud storage
    • Data lakes and warehouse
  • Drive continuous discovery and remediation of exposed, misused, or over-retained data
Data Security and Data Loss Prevention:
  • Design and oversee data security controls across:
    • Data at rest, in transit, and in use
    • Structured and unstructured data
  • Lead enterprise DLP strategy and execution, including:
    • Endpoint, network, cloud, and SaaS DLP
    • Insider risk management
    • Exfiltration prevention
  • Partner with SOC and Security Operations on detection, response, and incident handling involving data exposure
Cloud and Data Lakes:
  • Define standards for secure data management in cloud platforms (AWS, Azure, GCP)
  • Ensure protection of data within:
    • Cloud storage (S3, Blob, GCS)
    • Container security
    • Data lakes
    • Analytics platforms and AI/ML pipelines
  • Implement controls for:
    • Encryption and key management
    • Access governance
    • Data segmentation and isolation
    • Cross-border data transfers
  • Address emerging risks related to AI training data and model output
Responsibilities
  • Leading the ECR team and its technology stakeholders to reduce the risk of technology to the company by identifying and evaluating technology and cyber risks as they are identified. Risks related to but not limited to:
    • Architecture, infrastructure, cloud, and applications
    • Identity and access management
    • Software development and DevSecOps
    • Vulnerability management, technical debt, and configuration drift
    • Third-party and supply chain technology risk
    • Data Lakes and the cloud
  • Overseeing risk assessments and data security and protection for:
    • New and emerging technologies and platforms
    • Cloud migrations and architecture changes
    • High-risk vendors and service providers
  • Defining risk appetite and tolerance in partnership with leadership, ongoing measurement and reporting on risk against thresholds
  • Maintain a technology and cyber risk register with clear ownership and mitigation plans.
  • Overseeing and redefining the risk identification and risk management processes
  • Responsible for reviewing risks through triage and evaluative score risk level and severity with a focus on defining a potential path for remediation
  • Collaborating to define appropriate solutions to mitigate or remediate the risk by partnering with key stakeholders in ECR, IT, and the business, which will require consensus building and managing disagreements
Responsibilities Contd
  • Enabling balanced risk decisions by providing recommendations to leadership, escalating based on severity and risk level to ensure appropriate cyber protection capabilities and resiliency are built into the plans.
  • Translating technical risk into business impact and likelihood.
  • Providing regular risk reporting to executive leadership.
  • Defining and execute the data protection strategy focused on risk reduction.
  • Establishing and enforcing:
    • Data classification and labeling
    • Data handling and retention standards
    • Access controls and least-privilege principles
    • In all areas of the business and in all technology platforms
  • Partnering with Privacy, Legal, and Compliance to ensure regulatory data protection requirements are met (e.g., GDPR, CCPA/CPRA, HIPAA, PCI DSS).
  • Overseeing and ensuring the design and implementation of:
    • Encryption at rest and in transit
    • Data Loss Prevention (DLP) capabilities
    • Monitoring of data access and movement throughout the enterprise
  • Partnering with Architecture and technology teams to ensure our Zero trust framework ensures data is protected at all times
  • Helping govern the response to data exposure and data breach incidents both internally as well as with third parties.
Technical Proficiency:
  • Cybersecurity Depth: Cybersecurity skills include exposure to multiple cybersecurity domains e.g. cybersecurity architecture, engineering, operations, IDAM.
  • Cyber attack framework: First-hand experience in cybersecurity attacks and controls and how one works against the other. Experience with industry cybersecurity best practices and domains, with a constant willingness to learn more. Understanding of the MITRE ATT&CK framework.
  • IT Proficiency: At least 2 years delivering in at least 1 domain of information technology such as networks, application development, and infrastructure. Basic SDLC knowledge to include engineering and deployment plans and review boards.
  • Risk Management: Experience with ServiceNow and eGRC tools and the Integrated Risk Modules within.
  • Data Governance, Loss Prevention and Insider Threat: Expertise in governing framework for DLP monitoring and configuration. Data discovery experience in
  • Problem-Solving and Proactivity: Ability to identify opportunities for improvement and assist in the implementation of solutions. Initiative and autonomy in supporting ECR's strategic and operational goals.
  • Collaborative Mindset: Strong teamwork and community-building skills with the ability to collaborate effectively with cross-functional teams and stakeholders at various levels of seniority.
  • Administrative skill: Exposure to foundational data analytics. Basic Excel skills. Basic PowerPoint and Power BI Reporting.
  • Communication Skills: Ability to communicate effectively with both technical and non-technical stakeholders.
  • Adaptability and Flexibility: Ability to work in a dynamic environment and adapt to changing priorities.
  • Attention to Detail: Strong organizational skills and attention to detail in data analysis and reporting.
Qualifications
  • Bachelor's degree in Computer Science or Cybersecurity related field - required
  • Post-graduate work or thesis in Risk Management - preferred
  • Minimum 15+ years relevant experience within Information or Cyber Security
  • 8+ years experience serving specifically in Cybersecurity leadership roles
  • Technical certification such as OSCP, CEH, CCSP, PenTest+, CISSP, SANS GIAC or equivalent to demonstrate technical proficiency - strongly preferred
  • Must have hands on experience delivering in security capabilities and the technologies powering a security stack, as well as first-hand knowledge of what it takes to engineer and deliver on IT and security technologies and controls
  • Must have experience in making security decisions, prioritization, and trade-offs based on risk
  • Experience delivering in at least two of the three lines of defense, demonstrating an understanding of what it's like to be in the audit or owner seat.
  • Previous business management experience preferred, demonstrating effective senior stakeholder engagement and influence capability
  • Demonstrated experience in analysis, data gathering, data collation and data interpretation
  • Strong working knowledge of security frameworks, policies and industry standards, appropriate and secure functionality of infrastructure and applications, and experience in assessing and mitigating technology risk
  • Strong understanding of and experience adhering to industry standards and frameworks such as NIST CSF, PCI, SOX, ISO/IEC 27001, NIST SP800, COBIT, ITIL, etc.
  • Ability to dive deeply into technical subject matter with IT and Security leadership and SMEs, influencing and leading change in the technical and process approaches in order to improve the security of the organization
  • Ability to effectively communicate technical topics in the business language in order to drive successful outcomes for the organizationDemonstration of leadership/management assignments, and prioritization of competing urgencies
  • Broad experience in team management with a global and virtual capability, demonstrating strong leadership, influence and motivational skills with a known good reputation in both skillset and relationships in the security industry.
  • Deep experience in building and leading teams, identifying and developing cybersecurity talent, and driving operational excellence and effectiveness across security architecture, engineering and operations
  • Track record in building and leading strong teams of thriving, motivated, skilled individuals
  • Ability to lead and influence solution development in a complex and challenging environment
  • Global experience that demonstrates effective engagement with a variety of stakeholders who have competing expectations and priorities
  • Professional English fluency and presentation skills required, with the expectation to deliver orally and in writing to executive level audiences
  • CISSP, CISM, CCSP, OCSP, or equivalent certification is preferred.
Pay Range: The anticipated base salary range for this position is $221,600.00 to $377,200.00 . Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program as well as participation in the share incentive plan. In addition, In addition to base salary, this position is eligible for participation in a highly competitive bonus program with the possibility for overachievement based on performance and company results. In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage (medical, dental, and vision insurance), wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others. Many of these benefits are subsidized or fully paid for by the company. Equal Opportunity Employer It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact [email protected]. Michigan Applicants: Persons with disabilities needing accommodations for employment must notify the company in writing of the need for an accommodation within 182 days after the date the person with a disability knew or reasonably should have known that an accommodation was needed. Philadelphia Applicants: Philadelphia's Fair Chance Hiring Law Rhode Island Applicants: The company is subject to chapters 29-38 of title 28 of the general laws of Rhode Island and is therefore covered by the state's workers' compensation law.
Posted 2026-05-31

Recommended Jobs

Travel Registered Nurse House Supervisor Job

Watertown, NY

Job Overview TLC Nursing Associates, Inc. is seeking an experienced Registered Nurse (RN) – House Supervisor to oversee nursing operations, manage staff, and ensure high-quality patient care acr…

View Details
Posted 2026-02-13

Junior Mechanical Engineer (Internship to Full-Time)

Spectrum Comm Inc
Farmingdale, NY

Junior Mechanical Engineer — Superior Motion Controls (Farmingdale, NY) Internship leading to full-time | Long Island, New York | Up to $65,000 (internship) About SMC Superior Motion Contr…

View Details
Posted 2026-05-16

Animal Care Technician 1

Taconic Biosciences, Inc.
Germantown, NY

Are you someone who has an interest in science, a love for animals, and values being a good team member?  Do you enjoy hands on work, learning new things, and are you looking for a career with a purpo…

View Details
Posted 2026-05-15

Scrum Master (Risk Management) : Job Level - Associate

Morgan Stanley
New York, NY

Firm Risk Management Firm Risk Management (FRM) supports Morgan Stanley to achieve its business goals by partnering with business units across the Firm to realize efficient risk-adjusted returns, a…

View Details
Posted 2026-05-06

Japanese Instructor (Part Time)

Concorde Education
New York, NY

Job Summary The Japanese Instructor will introduce school-age students to the basics of the Japanese language, focusing on fundamental conversational skills, simple symbol identification, and foun…

View Details
Posted 2026-01-21

Shipping and Receiving Clerk - Now Hiring

Randstad Technologies
New York, NY

Ready to apply your shipping and receiving experience in a new role? Do you enjoy working with a sense of urgency? Are you an ace at resolving issues? If any of those apply, you should apply for the r…

View Details
Posted 2026-05-31

Content Design Senior Associate

JPMorgan Chase & Co.
New York, NY

Job Description Join our team and make a significant impact through innovative content design and drive customer confidence and satisfaction.  As a Content Design Senior Associate in Affluent Br…

View Details
Posted 2026-05-29

Executive Assistant

Zirtual
New York, NY

Zirtual is a work-life balanced company that provides clients with experienced, highly skilled remote assistants for both personal and professional needs. Our Executive Assistants are committed to …

View Details
Posted 2026-05-28

Certified Prosthetist / Certified Prosthetist Orthotist (CP/CPO)

MRINetwork Jobs
Bronx, NY

The Newell Group is conducting a search on behalf of an established prosthetics and orthotics practice in Bronx, NY . Our client is seeking a skilled and compassionate Certified Prosthetist / Cert…

View Details
Posted 2026-05-15

Sales Manager, Home Furnishings

Ashley Northeast
Yonkers, NY

Join Us Today: If you are passionate about leading high-performing teams, delivering outstanding guest experiences, and driving sales excellence, we invite you to join us. With industry-leading bene…

View Details
Posted 2026-05-24