sr. Analyst, Tech Grc m&a

About Estée Lauder Companies

The Estée Lauder Companies is the global leader in prestige beauty - delighting consumers with transformative products and experiences, inspiring them to express their individual beauty.

We are the only company focused solely on prestige makeup, skin care, fragrance, and hair care with a diverse portfolio of 25+ brands sold in approximately 150 countries and territories.

Infused throughout our organization is a passion for creativity and imagination - a desire to push the boundaries and invent the unexpected - as we continue the bold work of our founder Estée Lauder.

Who We Are:

Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world's most prestigious beauty, skin-care, and luxury fragrance brands? Then join the information security and technology team, Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC).

ECR's security team fuels cyber defense, technology excellence, risk and compliance, and global resilience.

We stay on the forefront of cyber threats to deliver fit-for-purpose tools, technologies, and processes that protect ELC's business operations and empower secure strategic growth.

If you thrive in change-rich entrepreneurial environments, then this is the team for you. From our fast-paced delivery plans to our global team expansion, this is an exciting time to join us

What You'll Do:

You will be responsible for participating and assisting in company's end-to-end M&A (Mergers & Acquisitions) processes - especially related to Cybersecurity and IT Controls - to identify risk items, management reporting, drafting action items with remediation timelines, remediation, and related ongoing stead-state support.

Your engagement will play an integral role with collaboration across many functions including Finance Strategy, New Brands Development & Empowerment, Global Finance Controls, Corporate Finance, IT Operations and Enterprise Cybersecurity & Risk (ECR) to advise on security and controls criteria that are required for an acquisition.

You will be responsible for:

• Engaging in due diligence interview and discussion processes to understand and document seller's Technology, Cybersecurity, and IT Controls environment.
• Partner and collaborate with key stakeholders to identify and riskrank Cybersecurity and IT control gaps.
• Participate in Management readout meetings to help and advise on key risk and its implications, including but not limited to, any regulatory concern.
• Assist in drafting / documenting remediation action items for cybersecurity and IT controls based on risk and prioritization.
• Engaging with key stakeholders and the Seller to advise on critical areas that require actions based on critical risk prior to full acquisition.
• Identifying critical system(s) with potential regulatory implication(s); e.g., SOX, PCI
• Postacquisition, perform followup assessment on Cybersecurity and IT controls to assess potential remediation or closure and/or identify continued risk and/or open Cybersecurity and IT Controls gaps.
• Creating a detailed roadmap of key systems and control that require remediation, including minimum control requirement,
• Assisting the newly acquired entity with establishment of key security policy & standards.
• Advising and assisting the newly acquired entity in designing and implementing Cybersecurity framework(s); including but not limited to, vulnerability management, thirdparty risk assessment, training & awareness, cybersecurity incident response plan, and threat monitoring.
• Advising and assisting the newly acquired entity with design & implementation of key IT controls, creating control SOPs, creating control guides, and establishing selfassessment templates.
• Advising and assisting the newly acquired entity with any regulatory IT audit requirements, including but not limited to, SOX readiness and PCI assessment.
• Providing an ongoing runstate advisory support on matters related to security and IT controls until full company integration.

Qualifications

What We Offer:

• Medical/Dental/Vision Insurance
• Extensive Paid Parental Leave and Adoption Assistance
• Learning & Education Assistance
• Student Loan Contributions
• PTO for Volunteer Work
• Child and Elder Care Assistance
• 401(k) Savings Plan and match
• Pension Plan/Retirement Growth Account
• Stock Purchase Programs
• Quarterly Product Allowance and Employee Discounts

Who You Are:

• You have a bachelor's degree in a relevant field such as Management Information Systems and Computer Science.
• You have 23 year of experience in M&A IT or M&A IT Service Delivery experience.
• You have 23 years of experience in IT Audit, SOX IT Compliance, PCI, or Information Systems Management.
• Alternatively, you have an MBA with 2+ years relevant work experience.
• You have relevant industry certifications (e.g., CISA, CISSP, CISM)
• You have a working knowledge of internal controls over financial reporting (ICFR), SEC standards, PCAOB standards, the NIST framework, COSO framework, and/or COBIT.
• You have a working understanding and are fundamental knowledgeable of various Cybersecurity areas, including but not limited to, vulnerability management, third party risk assessment, security incident management, identity & access, and key policies.
• You have experience with technologies such as SAP, Oracle, Dynamics 365, Unix/Linux, ServiceNow, SAP GRC, and other cloud technologies, especially AWS and Azure
• You have a working understanding or experience in M&A systems or security due diligence processes.
• You have excellent written and verbal communication skills, interpersonal skills, and presentation skills that allow you to convey tough messages in a kind way.
• You are experienced in documenting and evaluating security/control deficiencies and assisting management with remediation plans.
• You have the ability to manage an integrated plan across other project components while monitoring the critical path and dependencies.
• You have the ability to effectively lead crossfunctional teams and facilitate interactions across various organizational levels.
• You are experienced in designing test plans, testing and concluding on the operating effectiveness of IT general controls, IT automated controls, key reports, and software development lifecycle controls.
• You are a proven innovative problem solver who thrives in ambiguity.
• You are comfortable performing as an individual contributor and teammate concurrently.
• You have strong personal integrity with the highest ethical standards.
• You are extremely organized, have superior attention to detail and a dedication to putting forth high quality work.
• Above all else, you are Bright, Kind and Motivated by Challenge.
• You'll love solving problems, thinking creatively, and trying new things.
• You believe in autonomy & taking initiative.

The anticipated base salary range for this position is $83,500 to $125,500. Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location.

In addition to base salary, this position is eligible for participation in a highly competitive bonus program with possibility for overachievement based on performance and company results as well as participation in the share incentive plan.

In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage, wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others.

Many of these benefits are subsidized or fully paid for by the company.

Job:
Information Technology

Primary Location:
Americas-US-NY-Long Island City

Job Type:
Standard

Schedule:
Full-time

Shift: 1st (Day) Shift

Job Number: 246572

We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply.

It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances.

The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices.

Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact

---