Sr. Analyst, Tech GRC M&A

About Estée Lauder Companies
The Estée Lauder Companies is the global leader in prestige beauty - delighting consumers with transformative products and experiences, inspiring them to express their individual beauty. We are the only company focused solely on prestige makeup, skin care, fragrance, and hair care with a diverse portfolio of 25 brands sold in approximately 150 countries and territories. Infused throughout our organization is a passion for creativity and imagination - a desire to push the boundaries and invent the unexpected - as we continue the bold work of our founder Estée Lauder.
Who We Are:
Do you want to be part of the team catalyzing digital innovation, harnessing the power of data, and transforming the fabric of security across the world's most prestigious beauty, skin-care, and luxury fragrance brands? Then join the information security and technology team, Enterprise Cybersecurity & Risk (ECR) at Estée Lauder Companies (ELC). ECR's security team fuels cyber defense, technology excellence, risk and compliance, and global resilience. We stay on the forefront of cyber threats to deliver fit-for-purpose tools, technologies, and processes that protect ELC's business operations and empower secure strategic growth. If you thrive in change-rich entrepreneurial environments, then this is the team for you. From our fast-paced delivery plans to our global team expansion, this is an exciting time to join us!
What You'll Do:
You will be responsible for participating and assisting in the company's end-to-end M&A (Mergers & Acquisitions) processes - especially those related to Cybersecurity and IT Controls - including identifying risk items, management reporting, drafting action items with remediation timelines, remediation, and related ongoing steady-state support. Your engagement will play an integral role in collaboration across many functions, including Finance Strategy, New Brands Development & Empowerment, Global Finance Controls, Corporate Finance, IT Operations and Enterprise Cybersecurity & Risk (ECR), to advise on the security and controls criteria that are required for an acquisition.
You will be responsible for:
* Engaging in due diligence interview and discussion processes to understand and document seller's Technology, Cybersecurity, and IT Controls environment.
* Partner and collaborate with key stakeholders to identify and risk-rank Cybersecurity and IT control gaps.
* Participate in Management read-out meetings to help and advise on key risk and its implications, including but not limited to, any regulatory concern.
* Assist in drafting / documenting remediation action items for cybersecurity and IT controls based on risk and prioritization.
* Engaging with key stakeholders and the Seller to advise on critical areas that require actions based on critical risk prior to full acquisition.
* Identifying critical system(s) with potential regulatory implication(s); e.g., SOX, PCI
* Post-acquisition, perform follow-up assessment on Cybersecurity and IT controls to assess potential remediation or closure and/or identify continued risk and/or open Cybersecurity and IT Controls gaps.
* Creating a detailed roadmap of key systems and controls that require remediation, including minimum control requirements.
* Assisting the newly acquired entity with establishment of key security policy & standards.
* Advising and assisting the newly acquired entity in designing and implementing Cybersecurity framework(s); including but not limited to, vulnerability management, third-party risk assessment, training & awareness, cybersecurity incident response plan, and threat monitoring.
* Advising and assisting the newly acquired entity with design & implementation of key IT controls, creating control SOPs, creating control guides, and establishing self-assessment templates.
* Advising and assisting the newly acquired entity with any regulatory IT audit requirements, including but not limited to, SOX readiness and PCI assessment.
* Providing ongoing run-state advisory support on matters related to security and IT controls until full company integration.
What We Offer:
* Medical/Dental/Vision Insurance
* Extensive Paid Parental Leave and Adoption Assistance
* Learning & Education Assistance
* Student Loan Contributions
* PTO for Volunteer Work
* Child and Elder Care Assistance
* 401(k) Savings Plan and match
* Pension Plan/Retirement Growth Account
* Stock Purchase Programs
* Quarterly Product Allowance and Employee Discounts
Who You Are:
* You have a bachelor's degree in a relevant field such as Management Information Systems and Computer Science.
* You have 2-3 years of experience in M&A IT or M&A IT Service Delivery.
* You have 2-3 years of experience in IT Audit, SOX IT Compliance, PCI, or Information Systems Management.
* Alternatively, you have an MBA with 2 years relevant work experience.
* You have relevant industry certifications (e.g., CISA, CISSP, CISM)
* You have a working knowledge of internal controls over financial reporting (ICFR), SEC standards, PCAOB standards, the NIST framework, COSO framework, and/or COBIT.
* You have a working understanding and fundamental knowledge of various Cybersecurity areas, including but not limited to, vulnerability management, third party risk assessment, security incident management, identity & access, and key policies.
* You have experience with technologies such as SAP, Oracle, Dynamics 365, Unix/Linux, ServiceNow, SAP GRC, and other cloud technologies, especially AWS and Azure
* You have a working understanding or experience in M&A systems or security due diligence processes.
* You have excellent written and verbal communication skills, interpersonal skills, and presentation skills that allow you to convey tough messages in a kind way.
* You are experienced in documenting and evaluating security/control deficiencies and assisting management with remediation plans.
* You have the ability to manage an integrated plan across other project components while monitoring the critical path and dependencies.
* You have the ability to effectively lead cross-functional teams and facilitate interactions across various organizational levels.
* You are experienced in designing test plans, testing and concluding on the operating effectiveness of IT general controls, IT automated controls, key reports, and software development life-cycle controls.
* You are a proven innovative problem solver who thrives in ambiguity.
* You are comfortable performing as an individual contributor and teammate concurrently.
* You have strong personal integrity with the highest ethical standards.
* You are extremely organized, have superior attention to detail and a dedication to putting forth high quality work.
* Above all else, you are Bright, Kind and Motivated by Challenge.
* You'll love solving problems, thinking creatively, and trying new things.
* You believe in autonomy & taking initiative.
The anticipated base salary range for this position is $83,500 to $125,500. Exact salary depends on several factors such as experience, skills, education, and budget. Salary range may vary based on geographic location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program with possibility for overachievement based on performance and company results as well as participation in the share incentive plan.
In addition, The Estée Lauder Companies offers a variety of benefits to eligible employees, including health insurance coverage, wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education-related programs, paid holidays and vacation time, and many others. Many of these benefits are subsidized or fully paid for by the company.
Job offer posted directly by companies on Experteer, or researched by Experteer.