Program Manager, Vendor Security, Cybersecurity

Job ID: 256316
Location Name: FSC REMOTE SF/NY/DC -173(USA_0173)
Address: FSC, Remote, CA 94105, United States (US)
Job Type: Full Time
Position Type: Regular
Job Function: Information Technology
Remote Eligible:Yes

Company Overview:

At Sephora we inspire our customers, empower our teams, and help them become the best versions of themselves.  We create an environment where people are valued, and differences are celebrated. Every day, our teams across the world bring to life our purpose: to expand the way the world sees beauty by empowering the Extra Ordinary in each of us.  We are united by a common goal - to reimagine the future of beauty.

The Opportunity:

About the Team

Sephora Cyber Security team is a dynamic, passionate, innovative, highly experienced, results-oriented Team within a Technology Organization with a deep commitment to ensuring security of Sephora informational assets.

Summary

The Program Manager- Vendor Security leads Sephora North America Vendor Security Risk Management Program. This highly visible and impactful role within the organization is responsible for performing functions required to manage Vendor Security Review process end to end.

In addition to reviewing new, existing and expanding vendor relationships, this role manages entire Sephora vendor portfolio from security perspective and maintains understanding of services these vendors provide and inherent information security risk presented by those vendors. Based on this, creates vendor risk specific security review approach for each vendor. The Program Manager will connect with relevant stakeholders across the company including Business and Technical Owners, Legal, Privacy and Sourcing to manage the vendor security review process and provides training to entire Sephora North America population.

Responsible to understand Sephora methodologies and relentlessly champion best security practices.

Your responsibilities include:

• Manages Sephora North America Vendor Security Review process end to end including but not limited to: reviewing intake documentation, managing internal meetings, reviewing project documents, creating a security review approach, reviewing vendor security documents, managing vendor security meeting, drafting meeting recap notes and follow ups, managing contract security reviews, etc.
• Drives vendor security related projects as needed
• Prepares weekly status updates and quarterly including dashboards etc.
• Provides ongoing vendor security review process training across org
• Demonstrate our Sephora values: Passion, Innovation, Expertise, Balance, Respect, Teamwork, and Initiative.

We would love to hear from you if…

• 5+ years of experience working in Cyber Security Team in vendor security, compliance, risk management, audit, security awareness or program/project management function with knowledge of information security principles.
• Ability to excel in high paced and dynamic environment
• Attention to Detail is a MUST. Strong organizational skills are a MUST.
• Ability to learn the vendor security review lifecycle management: intake form, internal meetings, reviewing project documents, reviewing vendor security documents, vendor security meeting, contract reviews, follow ups, repeat review etc.
• Ability to learn quickly and think critically specifically about Sephora vendor provided services, the inherent risk present in different types of vendor engagements, ability to modify review approach based on the type of vendor engagements.
• Ability to capture meeting notes and create clear and concise project summary write ups, action items, next steps, timelines.
• Timely and Effective action item follow ups.
• Ability to provide concise and timely status updates.
• Ability to create and deliver quarterly business updates/presentations to leadership.
• Ability to communicate and partner effectively with cross functional partners across the company: Business/Technical Owners, Legal, Privacy and Sourcing teams among others.
• Ability to learn Sephora vendor security review methodology and improve on that methodology.
• Ability to present content effectively at various trainings, status update meetings.
• Ability to learn various tools and systems used in vendor security review process.
• Ability to run meetings effectively.
• Ability to effectively communicate and partner with vendor personnel as part of the reviews.
• Ability to effectively review contracts, addressing vendor redlines, drafting additional language. Ability to negotiate security points and ability to differentiate key versus non key points based on vendor engagement.
• Ability to be a self-starter, work well independently and also be a  team player.
• Maintain knowledge of security principles and regularly engage in self-study to advance knowledge.
• Experience working in fast paced e-commerce environment highly desired

The annual base salary range for this position is $163,260.00 - $201,600.00 The actual base salary offered depends on a variety of factors, which may include, as applicable, the applicant’s qualifications for the position; years of relevant experience; specific and unique skills; level of education attained; certifications or other professional licenses held; other legitimate, non-discriminatory business factors specific to the position; and the geographic location in which the applicant lives and/or from which they will perform the job.  Individuals employed in this position may also be eligible to earn bonuses.  Sephora offers a generous benefits package to full-time employees, which includes comprehensive health, dental and vision plans; a superior 401(k) plan, various paid time off programs; employee discount/perks; life insurance; disability insurance; flexible spending accounts; and an employee referral bonus program. This job will be posted for a minimum of 5 days.

While at Sephora, you’ll enjoy… 

• The people. You will be surrounded by some of the most talented leaders and teams – people you can be proud to work with.  
• The learning. We invest in training and developing our teams, and you will continue evolving and building your skills through personalized career plans.
• The culture. As a leading beauty retailer within the LVMH family, our reach is broad, and our impact is global. It is in our DNA to innovate and, at Sephora, all 40,000 passionate team members across 35 markets and 3,000+ stores, are united by a common goal - to reimagine the future of beauty.

You can unleash your creativity, because we’ve got disruptive spirit. You can learn and evolve, because we empower you to be your best. You can be yourself, because you are what sets us apart. This, is the future of beauty. Reimagine your future, at Sephora.

Sephora is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, ancestry, citizenship, gender, gender identity, sexual orientation, age, marital status, military/veteran status, or disability status. Sephora is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities.

Sephora will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.