Third-Party Risk Manager

The Estée Lauder Companies attracts the most outstanding people from diverse industries and nurtures their talents. Whether they work in one of our stores, on a production line, at our corporate headquarters in New York City or in one of our affiliates worldwide, our employees take pride in their contributions to our success.

Do you want to work for one of the world’s largest luxury beauty brands?

Are you passionate about ensuring that a company upholds its commitment to delivering value to customers every day?

Are you excited about the prospect of collaborating with a diverse and dynamic team, utilizing your language skills to enhance risk analysis processes?

We are looking for

Third-Party Risk Manager

to join our team in Budapest!

The role :

Member of ECR Governance, Risk and Compliance team with responsibility for execution of the TPRM (third-party risk management) program by leading a team of 3. Perform cybersecurity risk-based assessments which document key risk areas for third-party vendors. Work with both internal and third-party points of contact to develop remediation plans and track resolution status.

This role necessarily deals with highly confidential and sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.

Qualifications

Responsibilities :

• Partner with TPRM program key stakeholders to identify vendor due diligence requirements and ensure status is up to date.
• Able to review vendor due diligence materials (i.e., SOC1 / SOC2, Vulnerability Scan, ISO 27001, etc.) and identify potential risks.
• Familiarity with Frameworks such as NIST CSF, OWASP10, ISO, ITIL and CMMI.
• Familiarity with the difference between SaaS and COTS based applications and the unique risks of each.
• Awareness of emerging cybersecurity threats including zero-day vulnerabilities and supply chain related risks.
• Able to understand details of vendor’s cybersecurity program and identify where gaps exist with internal company policy requirements.
• Ability to perform root cause analyses on issues identified and clearly articulate to a less technical user.
• Ability to clearly articulate the potential implications of cybersecurity risks to less technical users.
• Able to triage use cases and prioritize risk based on scope and impact.
• Produce risk assessment reports and and effectively communicate and collaborate with vendors to implement remediation responses.
• Effectively collaborate with cross-functional, interdisciplinary teams, such as Procurement, Supply Chain, R&D, Legal and Privacy to conceptualize and require contract security provisions for remediation of risk identified in vendor assessments specific use cases and third-party engagements.
• Work with program lead and legal / privacy team to identify required contract security provisions to remediate risks identified in vendor assessment.
• Ensure all daily TPRM activities are delivered in an effective and timely manner and that all support and resources needed are available for success.
• Establish clearly defined OneSource TPRM team and individual goals and objectives and communicates these to the team through meetings and performance planning.
• Manage stakeholder escalations, resolve issues and implement stakeholder engagement processes and cadences.
• Review and optimize daily operational processes and activities identifying ways to improve efficiencies and opportunities for automation.
• Conduct monthly service reviews with business stakeholders and review and action stakeholder feedback by developing action plans and understanding root cause.
• Help to establish a consistent reporting mechanism with analysis on a regular basis focusing on service improvement, internal customer engagement, KPI and SLA reporting, proposed targets and tracking business impact.

Requirements :

Job location :