Mission:

As Chanel has embarked on the digital transformation journey, Cybersecurity has become more important than ever. Our mission is to protect our customers and our business against evolving cyber threats in today’s connected and agile world. As the Chief Information Security Officer (CISO) of Chanel Korea, you will be responsible for leading the market’s overall information security strategy, risk management, and compliance. You will drive a culture of cybersecurity, ensure regulatory compliance, identify and remediate security risks, and safeguard Chanel’s digital assets and reputation. This pivotal role requires strong leadership, deep technical expertise, and the ability to engage stakeholders across all levels of the business.

Roles & Responsibility

• Design, implement, and manage an effective security awareness program tailored to the Korean business environment, driving positive behavioral changes among employees and stakeholders.
• Ensure implementation and adherence to Chanel Information Security Policy (CISP) as well as the global Information Security processes and tools.
• Provide expert security consultancy and advisory to business units and project teams.
• Identify, assess, and remediate information security and third-party security risks through proactive engagement and risk management practices.
• Continuously monitor and assess the organization’s cyber risk exposure.
• Develop and maintain regular reporting for senior management, providing clear visibility into the threat landscape and risk posture.
• Assure compliance with Korean regulations (e.g. K-ISMS) and coordinate Information Security related audits and remediation.
• Manage security vulnerabilities and attack surface across the IT landscape.
• Continuously enhance incident response capabilities, ensuring effective preparation, detection, and response to security incidents.
• Ensure that regulatory requirements and local priorities are clearly communicated to, and aligned with, regional and global counterparts.

Qualifications Academic / Professional Qualifications

• Bachelor’s degree in computer science or related field.
• Qualification such as CISSP, CISA, CISM.

Work Experience

• Minimum 10 years of relevant experience in Information Technology.
• At least 5 years of dedicated experience in Information Security and Risk Management.
• Proven track record in conducting security assessments for projects and third parties/suppliers.
• Expertise in identifying and remediating security risks and vulnerabilities.
• Understanding and experience with a broad range of security technologies and tools, such as Identity & Access Management (IAM), Data Loss Prevention (DLP), Endpoint Detection & Response/Network Detection & Response (EDR/NDR), web proxy solutions, Cloud security, and Dev Sec Ops practices.
• Experience with K-ISMS or K-ISMS-P certification processes.
• Familiarity with AI technologies is a bonus.
• Strong background in implementing Korean regulatory requirements concerning Information Security and Data Privacy.

Required Competencies

• Strong risk management abilities, combined with business acumen.
• Comfortable with working in a matrix organization.
• Excellent communication skills, both written and verbal.
• Operate at a high degree of independence.
• Fluent in Korean and English.