**Risk Management Lead**
As the Cybersecurity Risk Management Lead within ECR’s Risk and Solutions team, you will work to minimize overall security risk by identifying risks, monitoring requests through approval workflows, providing risk scoring, and presenting data to give a holistic view of the risks identified at the company.
Responsibilities include:
+ Partner with ECR team members, IT stakeholders, and business owners to reduce technology risk to the company by identifying and evaluating technology and cyber risks as they arise. Review risks through triage and score their risk level and severity, with a focus on defining a potential path for remediation.
+ Collaborate to define appropriate solutions to mitigate or remediate the risk by partnering with key stakeholders in ECR, IT, and the business, which will require consensus building and managing disagreements. Enable balanced risk decisions by providing recommendations to leadership, escalating based on severity and risk level to ensure appropriate cyber protection capabilities and resiliency are built into the plans.
+ Manage risk reduction tracker and maintain basic project management documentation tracking project tasks, status, ownership, issue closure, and timelines.
+ Support monthly Risk Reduction Governance Committee meetings.
+ Coordinate and manage cross-functional project teams to track overall remediation status while coordinating with applicable team and Program Managers.
+ Prepare and provide reporting (KRI) and dashboard status updates on a scheduled basis.
+ 5 years of practical experience in technology risk and control or IT audit (audit firm experience is a plus), including experience in project governance/management and understanding of business processes, key IT risk/controls, organizations, markets, retail, and/or manufacturing.
+ Strong communication skills, influence/negotiation skills, attention to detail, conflict management experience, analytical skills, and measurement/visualization ideas.
+ Ability to problem-solve, think creatively, challenge the status quo, and manage ambiguity.
+ Ability to communicate complicated or technical information to executives, including proven ability to work both independently and as part of a team, with stakeholders at all levels.
+ Proficient in Microsoft Excel, Word, and PowerPoint, including data visualization in Power BI.
+ Proficient in English as a business language.
+ Experience handling, securing, and communicating highly confidential and sensitive information.
+ 3 years minimum related experience.
+ Undergraduate degree in computer science/business or equivalent professional experience. CISSP/CISA/CISM/CRISC/CGEIT/ITIL or equivalent certification is desirable.
Equal Opportunity Employer
It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact USApplicantAccommodations@Estee.com.
FULL TIME
lead
4/22/2026