The Estée Lauder Companies (ELC) Inc. is a Fortune 500, multinational manufacturer and marketer of prestige skincare, makeup, fragrance and hair care products, headquartered in New York City. As the global leader in prestige beauty, we touch over half a billion consumers a year. The company owns a diverse portfolio of brands, distributed internationally through both digital commerce and retail channels.

ELC prizes the confidentiality of its consumers and therefore places a premium on cybersecurity. As the business world becomes increasingly digital and cyber threats grow in number and in sophistication, ELC will continue to invest and develop a proactive people-centered, cybersecurity program. The Enterprise Cybersecurity and Risk (ECR) team spearheads these efforts.

The ECR Risk and Compliance Senior Analyst will drive Compliance initiatives, including evaluation of IT-related risks, assessment of control effectiveness, and control owner achievement of effective control environments for continued compliance.

This role necessarily deals with highly confidential and sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.

Impact the ECR Risk and Compliance function, including collaboration with Internal Audit, Legal, Human Resources, Global Communications, Corporate (Physical) Security, other Information Technology (IT) teams, and leadership across brands, regions, and functions. Responsibilities will include, but not be limited to:

• Perform an annual SOX IT Risk Assessment, including gathering information for in-scope SOX entities and facilitating pre-implementation audit reviews.
• Coordinate with internal and external auditors to facilitate creation of and collection of Document Request Lists (DRLs), to review supporting documentation, to proactively identify control gaps, to schedule/facilitate IT walkthroughs, to coordinate control tests, and to support control owners throughout the audit processes.
• Track all audit timelines, pending audit requests, audit testing status, and results.
• Track and ensure timely/comprehensive remediation of IT control deficiencies from internal and external auditors, including reviewing/evaluating control gaps or deficiencies and performing root cause analysis.
• Collaborate with process/control owners to establish remediation action plans, including achievable due dates; then review and evaluate remediated controls.
• Guide control owners in the execution of IT controls, including meeting supporting documentation requirements.
• Build and maintain executive-level reporting for IT audit work streams, including timelines, issues, severity/impact, and remediation dates.
• Update IT policies, standards, and Standard Operating Procedures.
• Collaborate with IT project leads and team members to assess scope, objectives, and deliverables for Compliance-related programs and projects.
• Review IT controls within project life cycle/system implementation, including identification of projects/system implementations with regulatory impacts. Establish IT controls for gaps/deficiencies identified. Establish control checklists for project teams to complete to ensure tasks/deliverables are reviewed and approved for each milestone and to determine readiness to move to future phases.
• Ensure business requirements/functionalities are tested, reviewed, and approved; liaise with project sponsors/vendors/suppliers. Regularly report project progress/system implementation status to ensure progress and on-time completion. Evaluate and report any IT risks of projects, including the development of contingency plans.
• Assess vendor’s IT control environments for regulatory-related hosting and/or services.
• Participate in M&A due diligence and integrations to review IT controls, to identify potential gaps, to design controls, and to ensure continued compliance.

Qualifications

• 5 years of practical experience in technology risk and control or IT audit (audit firm experience is a plus), including experience in project governance/management and understanding of business processes, key IT risk/controls, organizations, markets, retail, and/or manufacturing.
• Strong communication skills, influence/negotiation skills, attention to detail, conflict management experience, analytical skills, and measurement/visualization ideas. Ability to problem-solve, think creatively, challenge the status quo, and manage ambiguity.
• Ability to communicate complicated or technical information to executives, including proven ability to work both independently and as part of a team, with stakeholders at all levels.
• Proficient in Microsoft Excel, Word, and PowerPoint, including data visualization. Proficient in English as a business language.
• Experience handling, securing, and communicating highly confidential and sensitive information.
• 3 years minimum related experience
• Undergraduate degree in computer science/business or equivalent professional experience
• CISSP/CISA/CISM/CRISC/CGEIT/ITIL or equivalent certification is desirable

The anticipated base salary range for this position is $98,500 to $165,750. Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program with possibility for overachievement based on performance and company results as well as participation in the share incentive plan.

In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage, wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others. Many of these benefits are subsidized or fully paid for by the company.

Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Schedule: Full-time
Shift: 1st (Day) Shift
Job Number: 2312266

We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact USApplicantAccommodations@Estee.com.

The Estée Lauder Companies (ELC) is the global leader in prestige beauty. ELC is the only company focused solely on prestige makeup, skin care, fragrance and hair care with a diverse portfolio of 25+ brands sold in approximately 150 countries and territories. Infused throughout the organization is a passion for creativity and innovation — a desire to push the boundaries and invent the unexpected — as we continue the bold work of the company’s founder Estée Lauder.