Job Specifications
Summary
Kering is a global, family-led luxury group, home to people whose passion and expertise nurture creative Houses across ready-to-wear and couture, leather goods, jewelry, eyewear and beauty: Gucci, Saint Laurent, Bottega Veneta, Balenciaga, McQueen, Brioni, Boucheron, Pomellato, Dodo, Qeelin, Ginori 1735, as well as Kering Eyewear and Kering Beaute. Inspired by their creative heritage, Kering's Houses design and craft exceptional products and experiences that reflect the Group's commitment to excellence, sustainability and culture.
This vision is expressed in our signature: Creativity is our Legacy. In 2024, Kering employed 47,000 people and generated revenue of EUR17.2 billion.
A global Luxury group, Kering brings together and develops a collection of iconic Houses in Fashion, Leather Goods and Jewelry: Gucci, Saint Laurent, Bottega Veneta, Balenciaga, Alexander McQueen, Brioni, Boucheron, Pomellato, Dodo, Qeelin, Ginori 1735, as well as Kering Eyewear and Kering Beaute. By placing creativity at the heart of its strategy, Kering enables its Houses to push their limits in terms of creative expression, while shaping a sustainable and responsible Luxury. This is the meaning of our signature: Creativity is our Legacy. In 2024, Kering had 47,000 employees and generated revenue of 17.2 billion euros.
Job Description
We are currently seeking an Information Security Assurance Officer to join our Security Governance, Risk and Compliance team in the Cybersecurity Department.
Your opportunity
Over the last few years, the Cybersecurity team has established a first set of policies and requirements to be applied during project delivery and enforced during day-to-day activities. We are now executing the controls related to these policies to demonstrate continuous improvement and compliance with security standards. This position sits within the central Cybersecurity team, with permanent touchpoints with the Maisons of the Kering group.
How you will contribute
Those activities will include:
* Collaborate with Cybersecurity GRC Head to construct an IT security controls framework
* Collaborate with IT and engineering and steer teams to build, execute and automate security controls
* Identify control gaps and work with the technology and business teams to close them
* Maintain a risk register and track remediation of operational risks opened by supporting tech teams
* Coordinate with external auditors and internal process and control owners to enable completion of control testing
* Develop streamlined processes to track and report on security issues and act as risk liaison for Cybersecurity
* Manage third party security assessment and streamline supporting processes working with procurement, legal, finance and the DPO
* Support security certification and/or alignment with industry standards and best practice (e.g. CIS Controls, PCI DSS, ISO27001, SWIFT)
* Manage a few consultants or fixed-price engagements (forfaits) to support activities
Who you are
Training: Master's degree in Information Systems, ideally supplemented by one or more security certifications (CISSP, ISO 2700X, CRISC, CISM, C-CISO, OSCP, GIAC, SANS) or equivalent demonstrable skills
Experience: At least 5 years of professional experience in the field of IS security, including at least 3 years in one of the following areas: technical testing (audit/pentest), compliance, or security engineering.
* Experience developing security control frameworks based on security best practice and industry standards such as the CIS Controls, ISO27000 series, PCI DSS, or SWIFT standard
* Experience with applying controls in the Cloud (AWS, GCP) and in the software development lifecycle
* Experience setting up security assurance programs across third parties
* Experience working with external and internal audit and risk in a liaison capacity
* Experience managing an IT control and security assurance program
* Policy writing experience would be an asset
Expertise:
* Basic knowledge of how business processes are supported by IT and security controls
* Good knowledge of technical control frameworks (NIST, CIS, etc.) to prevent attack techniques (MITRE ATT&CK)
* Strong technical skills to support technical assessment and remediation actions
* Strong technical skills related to secure configuration of Cloud environments (AWS, GCP) (CSA)
Expected qualities:
* Passionate about security and technology, curious
* Compliance, regulations and standards: Knowledge of the main regulations and ability to assimilate new standards and benchmarks
* Ability to work independently in a complex environment
* Excellent communication skills
* Organizational skills and excellent communication
* Fluent English
Why work with us?
Are you willing to ensure Kering delivers cutting edge services? Do you believe that security enhances the overall quality of IT services? Are you passionate in helping others to understand how secur