Cyber Security Manager

OUR MANIFESTO

At Sephora, we stand together, and we stand for something more. For empowerment, for exploration, for the opportunity to impact people’s lives through the unlimited power of beauty. We embrace uniqueness, unleash creativity, and pursue progress every day.  Sparked by energy and excitement, our passion is contagious. We are united by a common goal - to reimagine the future of beauty. Reimagine your future, with Sephora.

POSITION PURPOSE:

The cybersecurity manager at Sephora as a retail and online company plays a crucial role in protecting the organization’s Tech and digital assets, customers, and employee data. The cybersecurity manager must be comfortable with the 5 C's of cybersecurity: Change, Continuity, Cost, Compliance, and Coverage and knows how to put into practices all of them in an ever-evolving digital and tech realm where securing assets against threats has become paramount.

KEY ACCOUNTABILITIES:

The main missions of the cybersecurity manager are:

• The coordination with Sephora and LVMH EME and global security team and ensure the local work on the prevention program enhancing information security culture, building a partnership with key business units, and ensuring that the state of the art of security is considered by design in all projects, managing security checks and remediation (Pentest, internal, external audit).
• A very close relationship with the Governance & Security Expert within the Sephora EME and global teams as well as a close collaboration with Key local and regional contacts from Business and IT to ensure coordination and assistance on the enforcement of Sephora EME Security Strategy.
• He/she will work with various team members to assist the integration of business units, local enforcement of Sephora Security Policy and advice on the deployment of security initiatives in GCC, follow-up of actions, and oversee progress to ensure goals are met.
• Creating local security governance of key partners to assess risks, build and follow remediation actions plan.
• The Cybersecurity manager will manage and coordinate all the work/tasks across the region: KSA, UAE, QA, KW, BH and OM.

RELATIONAL

• Have a good relationship/interpersonal, rigorous, and service oriented,
• Relationship management with the EME and global cyber security team,
• Relationship management with external vendors,
• Relationship management with User Experience, Network, Systems, and IT ops EME and Global teams.

ORGANIZATIONAL

• Follow all relevant IT policies, processes, and standard operating procedures so that work is carried out in a controlled and consistent manner, in accordance with LVMH group and Sephora EME & global rules and policies,
• Set up dashboards, metrics and measure the QoS of the delivered services.

OPERATIONAL

• Risk Assessment: Identifying potential security threats and vulnerabilities within the company's systems and networks, including those related to online transactions and customer information.

• Solid online cybersecurity background: setup, monitoring, and adapting the web/ digital cyber security posture and configurations, this includes:

• Vulnerability and Fraud management

• Security posture on AKAMAI for different modules and enforcement of web/digital security roadmap, notably:

  • WAF - Web Bot Manager,

  • SDK-App,

  • Anti DDOS,

  • CDN,

  • Account protector,

  • Pages Integrity,

• Cyber Security Policy and best practices Enforcement: Implementing security policies and procedures to protect sensitive data, ensuring compliance with LVMH security footprint and process.

• Incident Response: Assist EME and global teams when managing an incident response plan to address security breaches or attacks directly targeting the region or local partners, including detection, containment, eradication, and recovery processes.

• Employee Cybersecurity Awareness: Enforcing EME and Global awareness and learning initiatives to promote cybersecurity culture. Promoting best practices, coordinating phishing campaigns, and safe handling of customer data to promote a security-aware culture.

• Monitoring and Reporting: Collaborate with regional teams on monitoring of systems for suspicious activity and reporting to assess the effectiveness of security measures.

• Collaboration with IT Teams: Working closely with IT development teams to ensure that security is integrated into all systems and processes, including software development, vulnerability management and network architecture.

• Vendor Management: Evaluating third-party vendors for security compliance, especially if they handle sensitive customer data or have access to internal systems.

• Regulatory Compliance: Ensuring that the company adheres to laws and regulations governing data protection and cybersecurity, such as GDPR or CCPA.

• Payment security: Collaborate with EME & Global teams in the security of payment methods and related partners, ensuring the compliance of industry standards such as PCI-DSS (EFT and Credit card payment).

• Technology Implementation: Overseeing the deployment of security technologies (like firewalls, intrusion detection systems, encryption, and anonymization) to protect the company's assets.

• Close collaboration with internal control teams on the DRP topics, ensuring a hand in hand work on the below.

• Close collaboration with legal team on GDPR, Local Data protection laws and in general data privacy topics

• In summary, the IT cybersecurity manager will ensure that both retail and online projects, solutions and operations are secure, helping to build customer trust and protect the organization from potential threats, according to LVMH and Sephora EME and Global tech team

SKILLS QUALITIFCATIONS AND PERSONAL ATTRIBUTES

• You have proven track record and skills as a Cyber Security professional in an international and multicultural environment.

• Have a cybersecurity mindset.

• Have advanced knowledge of Information Security technologies best practices and international standards,

• Advanced knowledge of Risk Management, and international standards,

• Have a global understanding of Retail and distribution activities, related processes, and IT ecosystems.

• You’re able to understand how they work together. You’re able to get the big picture and global understanding of the project on which you contribute, as well as operationally support, implement, and coordinate activities,

• Be Self-starter, ability to take a topic and drive it to deliver business value,

• Proven analytical, evaluative, and business oriented.

• Have the capability to work as a reliable IT business partner, rather than just a technical support function and delight our end-users,

• Endowed with a very strong general IT knowledge, and high competences in systems, security, and network,

• Have “Hands-on” and ability to operationally contribute to the success of the projects,

• Being problem solving oriented,

• Experience working in complex IT environments, and able to prioritize and plan complex work in a rapidly changing context, with a good level of project management expertise,

• Experience managing multiple vendors and projects simultaneously to deliver quality outcomes for internal stakeholders, across varied domains and geographical locations (GCC),

• Extensive experience working in a team-oriented, collaborative environment,

• Have an effective communication with various stakeholders at EME and Global level, including IT and business,

• Be “end-users" and "service quality" oriented,

• Be comfortable with matrix organization,

• Have > 10 years’ experience (including at least 3 Years in an omni retail company),

• Have master’s degree in computer science or equivalent.

• CISSP, ISO 27001, ISO 27005, CRISC or CISM Certification not mandatory but will be greatly appreciated.

• Arabic and French are a real plus.

• Visionary leadership: Unafraid to challenge norms, think outside the box, and push boundaries to drive innovation.

• Decisive & results-oriented: Ability to make timely, effective decisions and deliver on ambitious goals.

• Collaborative & inclusive: Builds trust and fosters collaboration across diverse teams and stakeholders within &beyond Sephora.

• Energetic & passionate: Operates with a can-do mindset and enthusiasm for collective success.

• Adaptable & resilient: Thrives in a fast-paced, dynamic retail environment with a commitment to continuous improvement.

Most importantly, she/he need to have excellent authentic communication and influencing skills and be energized by working in a fast paced, dynamic environment.