Head of Group Cyber Risk & Advisory

“Digital transformation is at the forefront of our Group development. This transformation will open a lot of new opportunities on all the area and domains where the Group operates. Join us if you want to play a key role in this thrilling transformation by partnering with our business functions to enable a secure innovation and to keep our people and assets safe and secured.”

CONTEXT

As a member of the Group Cyber Resilience management team led by the Group CISO, and as Head of Group Cyber Risk & Advisory, you will play a pivotal role in the definition and implementation of cyber security strategy within the Group. You will partner with Richemont Group including all Regions and Maisons worldwide. You will be managing the Group Cyber Risk & Advisory department, composed of Cyber Risk, Cyber Architecture, Identity & Privileged Access Management advisory. Sitting in the 2nd line of defense, you will provide guidance and advisory to the business and technical functions within the Group to enable security by design and ensure informed decision related to cybersecurity are made by the business.

In more detail, this means that you will provide general direction, oversight and definition of cyber security concepts and models along with cyber security best practices. Together with your team, you will enable the Group to achieve its business strategy and objectives in a secure and resilient manner.

You will be leading and supporting various initiatives aiming to define and deploy processes, awareness and technologies related to cybersecurity.

Your role will involve a prominent level of leadership and collaboration with key stakeholders from the business as well as other functions such as HR, legal, security, communication, technology, internal audit, M&A and external partners.

HOW WILL YOU MAKE AN IMPACT?

Your Key Responsibilities Will Be The Following

• Define Group Cyber Risk & Advisory strategy aligned with overall Group Security strategy
• Provide leadership and guidance to the organization in the following areas of Cyber Resilience
• Cyber Risk Management, incl. Cyber Control and Insider Risk
• Third Party Risk Management
• Cybersecurity Architecture
• Quantitative risk assessment
• Identify and Privileged Access Management
• For every aforementioned domain, drive and oversee framework definition and implementation
• Develop and implement cybersecurity strategy across the entire Group
• Establish effective governance practices
• Enable risk and control owners to fully comprehend their responsibilities and take ownership of risk and control activities
• Lead multicultural and diverse teams with a clear vision and strategy
• Develop and communicate a compelling vision that resonates with team members
• Foster an inclusive and collaborative team culture
• Provide mentorship and resources to support the professional development of every team member
• Establish team goals and ensure their successful attainment
• Engage with various Richemont entities’ executives and drive or participate in cybersecurity forum and assessments at strategical level
• Collaborate with global functions to ensure that cyber security best practices are properly and systematically embedded within business and enterprise applications, services, platforms, and processes (ensure security by design)
• Budget planning & ownership responsibilities for Cyber Risk & Advisory as part of Group Cyber Resilience budget
• Assist other cybersecurity function such as the deploying of cybersecurity awareness program for the Group, M&A, incident response, cybersecurity programs etc.
  

HOW WILL YOU EXPERIENCE SUCCESS WITH US?

For this role you will need to demonstrate maturity in the below skills:

• Proven experience in various cyber security domains such as cyber risk management, cyber control, cyber architecture, IAM and PAM
• Proven experience in managing large and complex teams, track record of identifying, developing and retaining talent
• Excellent verbal and written English communication skills including the ability to adapt and communicate toward several types of audiences, at various hierarchical levels, including C-level
• Master at least one of the industries recognized common risk management frameworks (FAIR, NIST RMF, ISO 27005, ISO 31000, COSO, others)
• Industry recognised security certifications are a plus (e.g., CISSP, CISM, CRISC, NIST CSF, etc.)
• Familiar with international security and privacy regulations such as GDPR, China PIPL, South Korea PIPA, US privacy laws, etc.
• Be business oriented
• Very good analytical and problem-solving skills
• Strong collaborative mindset is necessary
• Experience working in large, multi-tiers and international environment
  
  

WHAT MAKES OUR GROUP DIFFERENT?

Our true power does not lie in our similarities but in the rich diversity of our arts, cultures, and human skills, as well as our specific ability to foster untapped potential.

• We value freedom, collegiality, loyalty, and solidarity.
• We foster empathy, curiosity, courage, humility, and integrity.
• We care for the world we live in.
  
  

YOUR JOURNEY WITH US

If your application is selected, our Talent Acquisition Partner will reach out to you shortly for an introductory call. As a next step, you will have interviews with the manager, and any relevant internal stakeholder. Also, you will have a final interview with our HR Business Partner.