The Estée Lauder Companies Job - 30923722 | CareerArc
  Search for More Jobs
Get alerts for jobs like this Get jobs like this tweeted to you
Company: The Estée Lauder Companies
Location: New York, NY
Career Level: Mid-Senior Level
Industries: Retail, Wholesale, Apparel


The Estée Lauder Companies (ELC) Inc. is a Fortune 500, multinational manufacturer and marketer of prestige skincare, makeup, fragrance and hair care products, headquartered in New York City. As the global leader in prestige beauty, we touch over half a billion consumers a year. The company owns a diverse portfolio of brands, distributed internationally through both digital commerce and retail channels. ELC prizes the confidentiality of its consumers and therefore places a premium on cybersecurity. As the business world becomes increasingly digital and cyber threats grow in number and in sophistication, ELC will continue to invest and develop a proactive people-centered, cybersecurity program. The Enterprise Cybersecurity and Risk (ECR) team spearheads these efforts. The ECR Manager, Vulnerability Management Lead will impact a global team focused on cyber threat management, consistent with the threats and scale of a Fortune 500 retail, wholesale, and manufacturing enterprise entering a period of rapid business growth through innovation and acquisition. His or her main focus will be on vulnerability management, with impacts to mobile security, awareness and education, and metrics. Vulnerability Management is involved in all aspects of the business, including all brands, functions, and regions worldwide, and thus requires interaction with all levels of technical and business acumen.
This role necessarily deals with highly confidential and sensitive information, and the role is expected to confirm to best handling practices.
Lead and impact the global Vulnerability Management function, including collaboration with Legal, Human Resources, Global Communications, Corporate (Physical) Security, other Information technology (IT) teams, and leadership across brands, functions, and regions. Main responsibilities will include:
• Vulnerability Identification (including awareness of current vulnerabilities and patches) • Evaluate mobile security containerization for corporate apps • Develop guidance to provide to ELC mobile applications developers and integrators • Ensure patches are completely rolled out and that all devices on the network are in compliance with patching policies (including analysis and tracking of patch deployment, and partnership with IT to remediate vulnerabilities) • Implement a process for discovering new applications, performing risk assessments, and following up on remediation efforts (including execution and analysis of vulnerability scans) • Provide malware scanning, threat detection, monitoring, and remediation • Interaction and review of security exceptions.


Experience leading or performing Vulnerability Management, including awareness of current vulnerabilities and patches, analysis and tracking of patch deployment, execution and analysis of vulnerability scans, partnership with IT to remediate vulnerabilities, and interaction and review of security exceptions.
Business knowledge to perform just-in-time risk management and incident response for vulnerability management situations. Understanding of retail/manufacturing sufficient to correlate attackers' motives to business impacts and to appropriately adjust controls in response to vulnerabilities detected. Experience generating metrics and driving efforts to completion.
Experience handling, securing, and communicating highly confidential and sensitive information.
Information security familiarity with vulnerability scanning/identification/management and patch management; cybersecurity operations; malware, and attack patterns; awareness and training; scenario planning; penetration testing/red teaming; mobile security; threat intelligence monitoring; incident management; insider threat and data leakage protection; application security; and policies, standards, and procedures. Hands on experience in these domains or other key technology domains, such as coding/developing, understanding technology standards, deploying new technologies, and integrating new and existing technologies.

Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Schedule: Full-time
Shift: 1st (Day) Shift
Job Number: 1925073

We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact

 Apply on company website