About the job
The ED, Global Head of Cybersecurity Threat Management will run and grow a global team managing all aspects of cyber threat management, consistent with the threats and scale of a Fortune 500 retail, wholesale, and manufacturing enterprise entering a period of rapid business growth through innovation and acquisition. This includes threat modeling, threat intelligence, incident detection, interruption of the kill chain, and damage control. Cyber Threat Management is involved in all aspects of the business, including all brands, functions, and regions worldwide. Interaction with all levels of business leadership is expected as part of communicating both preparedness against attacks and the impact of attacks that do occur.
This role necessarily deals with sensitive and highly sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.
Reporting to the ECR Head of Technology & Operations, lead the global Cyber Threat Management function across the enterprise, providing direction in collaboration with Legal, Human Resources, Global Communications, Corporate (Physical) Security, other Information technology (IT) teams, and executive leadership across brands, functions, and regions. Lead the CTMC (Cyber Threat Management Center) which includes security analysis, incident response, vulnerability management, pen testing, and holistic security monitoring and response.
- Operate the Cyber Threat Management function with complete accountability.
- Stop and mitigate complex attacks to protect ELC. This will require emergency decisions in response to active attacks outside of routine technology processes and communication of those decisions to technical personnel and senior leaders.
- Execute on key operational decisions with potentially high impact affecting attacks and threats facing ELC. These include, but are not limited to, spam campaigns, malware campaigns, organized criminal operations, and nation-state operations.
- Manage the budget for Cyber Threat Management. This role is fully accountable for several million dollars of operating budget, including decisions over hiring, consulting engagements, outsourcing, and services. Budget management includes assessing growth (or contraction) needs and making appropriate business cases to justify changes with support from business leadership.
This position will be based in Long Island City, N.Y.
- Leadership and Management
- Situational Awareness, Communications, and Training
- Incident Triage, Analysis, and Response
- Cyber Threat Intelligence, Hunting, and Analytics
- Vulnerability Management
- Expanded SOC Operations
- SOC Tools, Architecture, and Engineering
- Deep information and cybersecurity operations and response expertise, including deep expertise with and/or experience leading CyberSecurity operations (identify, protect, detect, respond, and recover functions); vulnerability management; reverse engineering, malware, and attack patterns (offensive and defensive technologies);table top scenario planning; penetration testing/red teaming; mobile security; vulnerability scanning/identification/management and patch management; threat intelligence monitoring; network/endpoint/perimeter/cloud/DNS/.com monitoring; incident management; data leakage protection; application security monitoring; policies, standards, and procedures; and information security metrics. Hands on experience in these domains and other key technology domains, such as coding/developing, understanding technology standards, deploying new technologies, and integrating new and existing technologies.
- Business expertise to perform just-in-time risk management and incident management guidance and leadership – especially given a growing and changing business and cyber risk landscape. Understanding of retail/manufacturing sufficient to correlate attackers’ motives to business impacts and to appropriately adjust controls. Management of a 24/7 cyber threat management operation (e.g. a Security Operations Center (SOC)). Understanding of holistic monitoring, including POS systems, IOT devices, physical security environments, etc.
- Strong experience in next-generation monitoring, including tools for supervised and artificial learning, artificial intelligence, user and entity behavior analytics, visualization technologies, and managing outsourced vendors for monitoring.
- Strong leadership and management skills, including experience leading rapidly changing organizations, managing vendor relationships, managing consultants and matrixed teams; managing budgets, making critical and timely decisions, and solving unique and complex problems.
- Executive-level communications and interpersonal skills, including experience briefing C-level leaders, influencing others, and engaging with information security and other leaders across industries.
- Experience handling, securing, and communicating highly confidential and sensitive information.
The anticipated base salary range for this position is $147,000 to $252,000. Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program with possibility for overachievement based on performance and company results as well as participation in the share incentive plan.
In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage, wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others. Many of these benefits are subsidized or fully paid for by the company.
Job Information Technology
Primary Location Americas-US-NY-Long Island City
Job Type Standard
Shift 1st (Day) Shift
- Salary: $150000 - $250000
- Citizenship: Us Citizen
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: No Travel
- Telework: Partial Telecommute