Regional Cybersecurity Manager

Regional Cybersecurity Manager

“Digital transformation is at the forefront of our Group development. This transformation will open a lot of new opportunities on all the area and domains where the Group operates. Join us if you want to play a key role in this thrilling transformation by partnering with our business functions to enable a secure innovation and to keep our people and assets safe and secured.”

CONTEXT

As Regional Cybersecurity Manager, you will become a member of the Richemont Group Cyber Resilience department, a highly motivated and dynamic global team. Reporting to the Head of Group Cyber Risk & Advisory, you will work across the Richemont Group, including all Maisons worldwide and leading cybersecurity activities in the MEIA region. Sitting in the 2nd line of defense, you will provide guidance and advisory to business and technical functions within the Group to enable security by design and cyber risk management.

As a Regional Cybersecurity Manager, you will provide overall direction, oversight and definition of Cyber Security concepts and models along with cyber security best practices and control objective to enable the Group to achieve its business strategy and ambitions in a secured and resilient manner. 

You will be leading and supporting various initiatives aiming at defining and deploying processes, awareness and technologies related to cyber risk management.

You will also actively participate to other risk assessments activities, such as, amongst others, the definition and update of cyber security policies and baselines, control objectives or security best practices/guidance, security architecture review, awareness campaigns, third party security due diligence, etc. 

Your role will involve a prominent level of collaboration with key stakeholders from business as well as other security specialists, technology communities, control owners and external vendors. 

HOW WILL YOU MAKE AN IMPACT?

Your key responsibilities will be the following:

• Enable cyber risk & control management and implementation
  • Contribute to the cyber risk & control strategy for the Group
  • Steer the assessment and monitoring of cyber risk & controls
  • Empower risk & control owners to understand their responsibilities and to take ownership
• Engage with various Richemont entities’ executives and drive or participate in cyber risk assessments at strategical level
• Act as the principal point of contact for any cybersecurity activities within the MEIA region
• Oversee and support the scaling of the quantitative cyber risk management framework toward the group
• Advise business units, operational teams, and IT teams on cyber risk expertise, to ensure only acceptable risks are introduced to the group, and to make sure Richemont keeps compliant with legislations and regulatory requirements.
• Track and monitor cyber risk remediation/mitigation measures
• Serve as cyber risk subject matter expert to business and technical functions in the Group
• Collaborate with cyber risk architects to ensure that cyber security best practices are properly and systematically embedded within business and enterprise applications, services, platforms, and processes (enforce security by design)
• Assist in deployment of cyber awareness program for the Group

HOW WILL YOU EXPERIENCE SUCCESS WITH US?

For this role you will need to demonstrate the following:

• More than 10 years of experience in various cybersecurity domains with a focus on cyber risk and control management
• Proven knowledge and hands-on expertise on information security principles and practices
• Excellent communication skills including the ability to adapt and communicate toward several types of audiences, at various hierarchical levels (up to C-Level)
• SME (Subject Matter Expert) in control management frameworks, such as NIST CSF, CIS top 20, ISO 27002, NIST 300-53 etc…
• Master one of the industries recognized common risk management frameworks (FAIR, NIST RMF, ISO 27005, ISO 31000, COSO, others). Knowledge of the other frameworks is a plus
• Industry recognised Security Certifications are a plus (e.g., CISSP, CISM, CRISC, NIST CSF, etc.)
• Familiar with various international security and privacy regulations (GDPR, Chinese Cyber Security Law, South Korea PIPA, MEIA security laws etc…)
• Business oriented
• Experience in project management
• Good analytical and problem-solving skills
• Strong collaborative mindset is necessary
• Experience working in large, multi-tiers and international environments
• Fluent in English, other additional languages are a plus, ie Arabic

WHAT MAKES OUR GROUP DIFFERENT?

Our true power does not lie in our similarities but in the rich diversity of our arts, cultures, and human skills, as well as our specific ability to foster untapped potential.

We value freedom, collegiality, loyalty, and solidarity.
We foster empathy, curiosity, courage, humility, and integrity.
We care for the world we live in.