Cyber Risk Manager

Descripción del puesto:

You've picked a great time to join Avon. We're the company that puts purpose, people and relationships at the heart of everything we do. The company that's 135 years young and only just getting started. As part of the Regent LP family, we're committed to being the best beauty company for the world by generating a positive environmental, economic and social impact for our communities across the globe.

Role TypePermanent

What you'll be doing:We are seeking a Cyber Risk Manager to lead the identification, assessment, and management of cyber and information security risks across the organization. This role plays a key part in embedding cyber risk management practices into business and IT operations, ensuring that risk-informed decisions are made in alignment with security and regulatory expectations.

Key responsibilities:
The position has one direct report (Cyber Risk Analyst) and will work closely with cybersecurity, IT, compliance, and business teams to ensure a proactive and consistent approach to cyber risk.
What you'll be working on:
* Lead the cyber risk management lifecycle, including risk identification, assessment, mitigation, and monitoring.
* Maintain and evolve the cyber risk register and associated reporting to reflect the organization's risk posture.
* Provide oversight and guidance on cyber-related controls, ensuring alignment with frameworks such as NIST CSF, ISO 27001, and COBIT.
* Collaborate with IT and Cybersecurity teams to support secure delivery of technology initiatives.
* Act as the key liaison for cyber risk matters with internal stakeholders, including compliance, audit, and senior management.
* Translate technical cyber risks into business-relevant impact and provide recommendations for risk treatment.
* Manage and develop the Cyber Risk Analyst, ensuring quality and consistency in deliverables.

Requirements:
* Strong understanding of cyber risk, threat landscapes, and control frameworks.
* Demonstrated experience in risk management or GRC roles within a cybersecurity context.
* Skilled in risk evaluation, reporting, and stakeholder engagement.
* CRISC certification (or equivalent experience); additional credentials such as CISSP, CISM, or ISO 27001 Lead Implementer are desirable.
* Experience influencing decision-making without formal authority across multiple functions.

What we're looking for:
* Experience implementing or operating a cyber risk management framework within a mid-to-large enterprise environment.
* Exposure to cross-functional collaboration with Cybersecurity Operations, IT, Legal, Compliance, and Internal Audit teams.
* Prior involvement in the risk review of IT or digital transformation projects, cloud migrations, or third-party/vendor assessments.
* Hands-on experience developing or maintaining cyber risk registers and reporting to senior management or governance forums.
* Familiarity with regulatory and compliance environments such as GDPR, SOX, NIS2, or sector-specific cybersecurity requirements.
* Track record of translating complex technical risks into clear, business-relevant insights and recommendations.

What we offer:
We offer a comprehensive benefits package along with wellness resources and work-life balance support in line with your country practices and Avon purpose aiming to help you live a healthier life, protect you and your dear ones, and ensure you're at your best.

At Avon, we believe beauty is for everyone and that it's beautiful to be you. We celebrate our differences, champion self-expression and are committed to inclusion for all. We embrace diversity and individuality to build a culture that represents our communities and enables everyone to bring their best self to work. We also support reasonable adjustments both within our recruitment process and job design when required to empower you to work in a way that works for you.

Ready to be a part of it? Join us.
#Avon

We inform that in accordance with the requirements of the on Whistleblower Protection Act of June 14, 2024 (government gazette of 2024, item 928), each Avon company in Poland has implemented a Procedure for Reporting Irregularities and Subsequent Actions.

The full text of the procedure for each company, containing information about reporting methods, is available here