vp, Risk And Data Security, Protection, And Resilience
$221.6k - $377.2kFull-time
Estée Lauder Companies
The Estée Lauder Companies Inc. is one of the world's leading manufacturers, marketers, and sellers of quality skin care, makeup, fragrance, and hair care products, and is a steward of luxury and prestige brands globally. The company's products are sold in approximately 150 countries and territories under brand names including: Estée Lauder, Aramis, Clinique, Lab Series, Origins, M·A·C, La Mer, Bobbi Brown Cosmetics, Aveda, Jo Malone London, Bumble and bumble, Darphin Paris, TOM FORD, Smashbox, AERIN Beauty, Le Labo, Editions de Parfums Frédéric Malle, GLAMGLOW, KILIAN PARIS, Too Faced, Dr.Jart+, the DECIEM family of brands, including The Ordinary and NIOD, and BALMAIN Beauty.
Description Who We Are Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world's most prestigious beauty, skincare, and luxury fragrance brands? Then join our Risk Management and Data Security team in Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). Our Risk Management and Data Protection team is responsible for identifying, assessing, and mitigating potential risks to the enterprise and our data. This small but important group actively governs these critical pillars of work, shapes our risk management strategies, finds mitigation strategies. They will lead three teams- (1) Strategic Risk Management and Reduction, (2) Supplier Security and Third Party Risk Management, and (3) Data Security including Data Protection and Classification, Data Resilience and Disaster Recovery, and Data Loss Prevention. Their teams will collaborate across security, technology and business functions and will help to directly fortify the organization against evolving risks.
What You'll Do As the Vice President, Risk Management and Data Security, you will lead the company's approach to cybersecurity and technology risk management and securing our data in its various forms, in collaboration with data and analytics and data privacy.
In this exciting new role, you will:
- Lead and develop teams across technology risk, data protection, and security.
- Establish governance forums for risk, security, and data protection decisions.
- Partner with IT, Engineering, Legal, Compliance, and Product teams.
- Translate technical and cyber risk into clear executive-level reporting.
- Drive accountability without creating friction or unnecessary bureaucracy.
- Drive consistent governance cadence with clear decision outcomes.
- Have strong collaboration with technology and business leaders.
- Maintain executive trust in risk and security reporting.
- Define and own the enterprise data protection vision, roadmap, and operating model
- Serve as the executive authority on data risk, data security, and data lifecycle management
- Translate regulatory, legal, and business requirements into actionable data protection policies
- Build and lead a high-performing global data protection organization
- Define KPIs and dashboards for:
- Data risk posture
- Coverage of discovery and classification
- DLP effectiveness
- Remediation progress
- Regularly brief executive leadership and the board on data protection risks and progress
- Establish and oversee enterprise data governance frameworks, including:
- Data ownership and stewardship
- Data lifecycle management
- Data quality, retention, and disposition
- Partner with business and technology leaders to embed governance into day-to-day operations
- Ensure governance scales across cloud, hybrid, and multi-cloud environments
- Own the enterprise data classification strategy, including:
- Sensitive data identification (PII, PHI, PCI, IP, regulated data)
- Labeling and tagging standards
- Implement and mature automated data discovery tools across:
- Endpoints
- SaaS applications
- Cloud storage
- Data lakes and warehouse
- Drive continuous discovery and remediation of exposed, misused, or over-retained data
- Design and oversee data security controls across:
- Data at rest, in transit, and in use
- Structured and unstructured data
- Lead enterprise DLP strategy and execution, including:
- Endpoint, network, cloud, and SaaS DLP
- Insider risk management
- Exfiltration prevention
- Partner with SOC and Security Operations on detection, response, and incident handling involving data exposure
- Define standards for secure data management in cloud platforms (AWS, Azure, GCP)
- Ensure protection of data within:
- Cloud storage (S3, Blob, GCS)
- Container security
- Data lakes
- Analytics platforms and AI/ML pipelines
- Implement controls for:
- Encryption and key management
- Access governance
- Data segmentation and isolation
- Cross-border data transfers
- Address emerging risks related to AI training data and model output
- Leading the ECR team and its technology stakeholders to reduce the risk of technology to the company by identifying and evaluating technology and cyber risks as they are identified. Risks related to but not limited to:
- Architecture, infrastructure, cloud, and applications
- Identity and access management
- Software development and DevSecOps
- Vulnerability management, technical debt, and configuration drift
- Third-party and supply chain technology risk
- Data Lakes and the cloud
- Overseeing risk assessments and data security and protection for:
- New and emerging technologies and platforms
- Cloud migrations and architecture changes
- High-risk vendors and service providers
- Defining risk appetite and tolerance in partnership with leadership, ongoing measurement and reporting on risk against thresholds
- Maintain a technology and cyber risk register with clear ownership and mitigation plans.
- Overseeing and redefining the risk identification and risk management processes
- Responsible for reviewing risks through triage and evaluative score risk level and severity with a focus on defining a potential path for remediation
- Collaborating to define appropriate solutions to mitigate or remediate the risk by partnering with key stakeholders in ECR, IT, and the business, which will require consensus building and managing disagreements
- Enabling balanced risk decisions by providing recommendations to leadership, escalating based on severity and risk level to ensure appropriate cyber protection capabilities and resiliency are built into the plans.
- Translating technical risk into business impact and likelihood.
- Providing regular risk reporting to executive leadership.
- Defining and execute the data protection strategy focused on risk reduction.
- Establishing and enforcing:
- Data classification and labeling
- Data handling and retention standards
- Access controls and least-privilege principles
- In all areas of the business and in all technology platforms
- Partnering with Privacy, Legal, and Compliance to ensure regulatory data protection requirements are met (e.g., GDPR, CCPA/CPRA, HIPAA, PCI DSS).
- Overseeing and ensuring the design and implementation of:
- Encryption at rest and in transit
- Data Loss Prevention (DLP) capabilities
- Monitoring of data access and movement throughout the enterprise
- Partnering with Architecture and technology teams to ensure our Zero trust framework ensures data is protected at all times
- Helping govern the response to data exposure and data breach incidents both internally as well as with third parties.
- Cybersecurity Depth: Cybersecurity skills include exposure to multiple cybersecurity domains e.g. cybersecurity architecture, engineering, operations, IDAM.
- Cyber attack framework: First-hand experience in cybersecurity attacks and controls and how one works against the other. Experience with industry cybersecurity best practices and domains, with a constant willingness to learn more. Understanding of the MITRE ATT&CK framework.
- IT Proficiency: At least 2 years delivering in at least 1 domain of information technology such as networks, application development, and infrastructure. Basic SDLC knowledge to include engineering and deployment plans and review boards.
- Risk Management: Experience with ServiceNow and eGRC tools and the Integrated Risk Modules within.
- Data Governance, Loss Prevention and Insider Threat: Expertise in governing framework for DLP monitoring and configuration. Data discovery experience in
- Problem-Solving and Proactivity: Ability to identify opportunities for improvement and assist in the implementation of solutions. Initiative and autonomy in supporting ECR's strategic and operational goals.
- Collaborative Mindset: Strong teamwork and community-building skills with the ability to collaborate effectively with cross-functional teams and stakeholders at various levels of seniority.
- Administrative skill: Exposure to foundational data analytics. Basic Excel skills. Basic PowerPoint and Power BI Reporting.
- Communication Skills: Ability to communicate effectively with both technical and non-technical stakeholders.
- Adaptability and Flexibility: Ability to work in a dynamic environment and adapt to changing priorities.
- Attention to Detail: Strong organizational skills and attention to detail in data analysis and reporting.
- Bachelor's degree in Computer Science or Cybersecurity related field - required
- Post-graduate work or thesis in Risk Management - preferred
- Minimum 15+ years relevant experience within Information or Cyber Security
- 8+ years experience serving specifically in Cybersecurity leadership roles
- Technical certification such as OSCP, CEH, CCSP, PenTest+, CISSP, SANS GIAC or equivalent to demonstrate technical proficiency - strongly preferred
- Must have hands on experience delivering in security capabilities and the technologies powering a security stack, as well as first-hand knowledge of what it takes to engineer and deliver on IT and security technologies and controls
- Must have experience in making security decisions, prioritization, and trade-offs based on risk
- Experience delivering in at least two of the three lines of defense, demonstrating an understanding of what it's like to be in the audit or owner seat.
- Previous business management experience preferred, demonstrating effective senior stakeholder engagement and influence capability
- Demonstrated experience in analysis, data gathering, data collation and data interpretation
- Strong working knowledge of security frameworks, policies and industry standards, appropriate and secure functionality of infrastructure and applications, and experience in assessing and mitigating technology risk
- Strong understanding of and experience adhering to industry standards and frameworks such as NIST CSF, PCI, SOX, ISO/IEC 27001, NIST SP800, COBIT, ITIL, etc.
- Ability to dive deeply into technical subject matter with IT and Security leadership and SMEs, influencing and leading change in the technical and process approaches in order to improve the security of the organization
- Ability to effectively communicate technical topics in the business language in order to drive successful outcomes for the organizationDemonstration of leadership/management assignments, and prioritization of competing urgencies
- Broad experience in team management with a global and virtual capability, demonstrating strong leadership, influence and motivational skills with a known good reputation in both skillset and relationships in the security industry.
- Deep experience in building and leading teams, identifying and developing cybersecurity talent, and driving operational excellence and effectiveness across security architecture, engineering and operations
- Track record in building and leading strong teams of thriving, motivated, skilled individuals
- Ability to lead and influence solution development in a complex and challenging environment
- Global experience that demonstrates effective engagement with a variety of stakeholders who have competing expectations and priorities
- Professional English fluency and presentation skills required, with the expectation to deliver orally and in writing to executive level audiences
- CISSP, CISM, CCSP, OCSP, or equivalent certification is preferred.
Vacancy posted 23 hours ago
Similar jobs that could be interesting for youBased on the vp, Risk And Data Security, Protection, And Resilience in New York, NY vacancy
$250k - $270k
...implementation of our AI Security Program. In this role,... ...You'll partner with Data Security, Engineering,... ...adoption is responsible, resilient, and secure by design.... ...Architecture, Legal, and Risk teams to build secure patterns... ...identity, data protection, and workload isolation...RiskTemporary workWork experience placementFlexible hoursAres Management
New York, NY2 days ago- ...lifecycle. You partner closely with design, data, engineering, operations, legal, risk, and compliance to build applications... ...feedback loops Ensure solutions meet security, privacy, and regulatory expectations for data protection and usage Monitor outcomes post-...RiskWork visa
Chase
New York, NY4 days ago $93.5k - $207k
..., such as your social security number. What to know:... ...gold standard in cyber resilience. The company empowers... ...cyberattacks - keeping data safe and businesses resilient... ...best-in-class data protection, exceptional data... ...on Commvault to reduce risks, improve governance, and...RiskWork experience placementLocal areaCommvault
New York, NY15 hours ago$145k - $196k
...Senior AI/ML Data Engineer - Vice President Job Level... ...President Job Function: Business Resilience & Security Location: New York, NY, US... ...Role Description The VP, Senior Data Engineer, is... ...and response across data protection, insider risk, and security operations...RiskFull timeWork at officeLocal areaWork from homeWorldwideSmbc Global Foundation Inc
New York, NY1 day ago- ...Data Owner Lead Join the Chief Administrative Office – Chief... ...Technology, Analytics, Operations, and Risk and Control functions. Your... ...data quality, integrity, and security, while supporting innovation... ...lifecycle, including data protection, privacy, retention, destruction...RiskWork at office
Chase
Jersey City, NJ2 days ago - ...Lead Data Developer - VP Working at Citi is far more than just a job. A... ...and operate high-performance, resilient data platforms that empower... ...engineer to join our Realtime Risk Data team. This role is at... ...teams. Data Governance & Security: Experience with data governance...Risk
Citi
New York, NY2 days ago $98.8k - $146.4k
Security & Privacy Awareness and Training Analyst - USDS... ...The USDS Security - Risk & Compliance team is responsible... ...and bring joy. U.S. Data Security (“USDS”) is a... ...governance to our data protection policies and content... ...innovate as one team. We're resilient and embrace challenges...RiskFull timeTemporary workLocal areaShift work- ...Merchant Services is a leading provider of payment, fraud and data security for companies, capable of authorizing transactions across global... ...stakeholders, including Finance, Corporate Development, Risk, Operations, and Wealth Management teams. Key Responsibilities...Risk
- ...Cyber incident management position at VP level within Risk, Regulatory & Resilience, which performs various independent... ...that create cyber, information security, or fraud risk. You will also help... ...(preferred) Bachelor’s degree in Data Science, Computer Science, Finance,...RiskTemporary work
$136.5k - $300k
...recommendation, design validation, risk identification, and... ...cost efficiency, and security posture scores).... ..., operational resilience, and cost optimization... ...event-driven designs, data platforms, security architecture... ...(model risk, data protection, auditability). ~...RiskTemporary workWorldwideFlexible hoursBNY Mellon
New York, NY4 days ago- ...Vice President, Data Strategy Team Bring your expertise to JPMorgan Chase. As part of Risk Management and Compliance, you are at the... ...JPMorgan Chase strong and resilient. You help the firm grow its... ...addressing issues related to data protection, retention, storage, use,...Risk
Chase
Jersey City, NJ2 days ago $226k - $275k
...Director of Security & IT New York, NY (Hybrid... ...live more resilient lives. Backed by strategic... ...accountability for protecting sensitive health and financial data, maintaining regulatory... ...and mitigate risks across IT infrastructure... ...closely with the VP of Engineering on...RiskWork at officeNayya
New York, NY2 days ago- ...About the job VP, Head of Responsible AI VP, Head... ...ethical, legal, and security guardrails in a data-centric operations environment... ...while minimizing systemic risk. Responsibilities: ~ Define... ...transparency on AI data protection. ~ Partner with Business...Risk
Inizio Partners
New York, NY3 days ago - ...Job Title: VP-level - Product Due Diligence & Risk Approval Lead Location : Wilmington, DE/Jersey... ...risk, technology risk, information security, data/privacy, third-party). Proficiency... ...and comply with all relevant data protection laws. Please note that we only...RiskContract work
ApTask
Jersey City, NJ8 hours ago $195k - $300k
...accomplished attorney to lead the cybersecurity/data protection/privacy function and oversee regulatory... ...strategic oversight of regulatory risk management and corporate compliance... ...credible challenge for the firm’s information security program in partnership with the CISO....RiskContract workWork at officeNational Financial Partners
New York, NY5 days ago- ...capabilities. You work with design, data, and engineering partners to create reusable, resilient platform features that... ...new capabilities using value, risk, and feasibility trade-offs... ...regulatory expectations and strong security and data protection practices Support go-to-...Risk
Chase
New York, NY1 day ago $150k - $180k
Overview The VP, Crisis & Incident Management Lead is responsible for the strategic leadership... ...the Americas. As part of the Operational Resilience team, this individual will ensure that... ...a resilient culture through a proactive, risk-informed approach that integrates cross-...Risk- ...VP, Head of Responsible AI A global, data-driven organization is seeking a visionary... ..., governance, and risk frameworks.... ...innovation, compliance, and security—ensuring AI... ...including red-teaming and resilience testing against... ...fine-tuning workflows protect sensitive data and...Risk
$400k
...Cohesity is a leader in AI-powered data security and management. Aided by an... ...makes it easy to secure, protect, manage, and get value from data... ...in the most complex cyber resilience- opportunities. HOW YOU'LL... ...management and sensitive data risk Ensure these...RiskHourly payFull timeWork at office2 days per week3 days per weekCohesity
New York, NY3 days ago- ...Chief Information Security Officer (CISO) About the Company Global organization modernizing enterprise risk, data governance, and cyber protection. Industry Internet Type Privately Held About the Role The Company is seeking a Chief Information Security...Risk
- ...Job Title: AI Risk and Audit Consultant Location: New York - 3x/week onsite... ...Hybrid 3 days a week onsite AI Security and Controls Subject Matter Expert to... ...: Review and assess privacy controls, data protection measures, and security protocols applied...RiskFull time3 days per week
AceStack LLC
New York, NY1 day ago $160k - $175k
...we strive to generate strong risk adjusted returns for our... ...Vice President, Information Security Lead to join the Information... ...DORA, GDPR, CPRA), business resiliency, and application security. You... ...matter expert for GDPR (General Data Protection Regulation) and CPRA (...RiskPermanent employmentLocal areaWorldwide- ...accounting engines migration, specific data pipelines (Front Office to BA... ...ADTS, Pub/Sub), data models, security frameworks (e.g., layered... ...principles and standards. Risk Identification: Identify... ...performance, scalability, and resilience, particularly for high-volume...Risk
Citi
Jersey City, NJ2 days ago - ...governance stakeholders to deliver secure, resilient, scalable platform... ...and consumers of record-based data. You will own an API portfolio... ...cases. You will collaborate with risk, controls, cybersecurity, and... ...on the basis of any protected attribute, including race, religion...Risk
Chase
New York, NY1 day ago $65k - $230k
...Business Impact Analysis (BIA), Risk Assessment (RA), and update of... ...Risk Management, Information Security and RCSA for instance as a BCM... ...the maintenance of BOCNY's resilience and viability before, during,... ...Business Continuity Planning for VP level; 4+ years of work experience...RiskWork experience placementImmediate startBank of China
New York, NY1 day ago- ...Security Architect / AI Security AppSec Architect We are... ...our systems remain secure, resilient, and compliant. You will combine... ...'s ecosystem, ensuring data privacy and IP protection. · Threat Modeling:... ...between innovation and rigorous risk management. · Identity &...Risk
RIT Solutions
New York, NY2 days ago - ...capture) Drive platform reliability and resilience, proactively mitigating systemic risks and improving performance of critical security systems Solve complex technical... ...cybersecurity solutions and capabilities Drive data integration and insights across multiple...Risk
BNY Mellon
New York, NY1 day ago - ...President – HR Governance & Workday Risk Oversight We are partnered with... ...oversight People systems controls, security, and access management HR data governance and audit readiness... ...governance frameworks, improve operational resilience, and enhance the effectiveness of...Risk
Hw3 Llc
New York, NY2 days ago - ...VP/DIR, Mortgage Desk Quant/Strat New York, New York To... ...experiences. These journeys foster resilience, leadership and innovation,... ...for specific business units or risk types. Key responsibilities... ...origin, ancestry, citizenship, protected veteran or disability status or...RiskWork experience placementWork at officeFlexible hoursShift workDay shift
Bank of America
New York, NY2 days ago $240k - $275k
...global leader in Human Risk Management, trusted... ...worldwide to secure their employees and... ...threats. We believe that protecting organizations from... ...hand in hand. True resilience is collective; it... ...our people, our data, and our planet. Role... ...the years ahead. The VP will lead this...RiskWork at officeLocal areaRemote workWorldwideShift workEgress
New York, NY3 days ago
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to vp, Risk And Data Security, Protection, And Resilience. Be the first to apply!
Related searches
- vp emea New York, NY
- vice president sustainability New York, NY
- vice president estimating New York, NY
- vice president media New York, NY
- vice president public policy New York, NY
- assistant vice president compliance New York, NY
- vice president manufacturing New York, NY
- vice president New York, NY
- vice president process improvement New York, NY
- vice president business solutions New York, NY