Richemont
Cloud Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Richemont
Compagnie Financière Richemont S.A., known as Richemont, is a luxury goods holding company based in Switzerland. Founded in 1988 by Johann Rupert, it has grown from a tobacco business into one of the largest luxury conglomerates in the world. Richemont is publicly traded on the SIX Swiss Exchange and the Johannesburg Stock Exchange. The company operates in the luxury sector, offering a diverse range of high-end products, including jewelry, watches, leather goods, pens, firearms, clothing, and accessories. Richemont manages a prestigious portfolio of brands such as Cartier, Van Cleef & Arpels, Montblanc, and Chloé, among others. It serves affluent consumers globally through retail stores, boutiques, and e-commerce platforms like Net-a-Porter and Mr Porter. Richemont emphasizes craftsmanship and heritage, appealing to clients who value exclusivity and quality in luxury goods.
Security at Richemont
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Richemont's AppSec philosophy, as publicly stated, involves the RICHEMONT-CSIRT supporting its constituents with reactive and proactive services. The approach cultivates collaboration between development and operations teams and incorporates a risk management process that considers both strategic and operational risks. A key goal is to provide practical guidance to engineering and project teams for implementing security controls. However, a standalone, public AppSec mission statement beyond CSIRT and job-role descriptions is not publicly available.”
Security Team
The RICHEMONT-CSIRT, which handles AppSec-related activities, is operated by the Richemont Group Security team. Key public-facing leaders include Wolfgang Schurr, Group CISO, and Pierre Olodo, Cyber Risk Manager. As of, there are two active AppSec-related job postings: DevSecOps Engineer (JR123146) and Cloud Security Engineer (JR123149). Common skill and tool patterns mentioned in job postings include CSPM, CWP, SAST, secret detection, policy as code, Infrastructure as Code modules review, SCA, container security, and experience with OWASP Testing Guide v3/4 and OWASP TOP 10. However, an authoritative public headcount for AppSec, an explicit AppSec org chart, or a detailed reporting line beyond CSIRT statements are not publicly available.
Key Initiatives
- Richemont does not have publicly available evidence for a Security Champions Program.
- Their 'Shift Left' practices aim at enabling and enhancing security posture, allowing streamlined and secure cloud development and deployment processes throughout their software delivery lifecycle.
- The vulnerability management process involves RICHEMONT-CSIRT continuously monitoring for existing vulnerabilities and performing technical security assessments (pentests).
- However, public SLAs for triage/remediation are not available.
- Secure SDLC artifacts are indicated by the mention of 'management and definition of security in the software development lifecycle (SDLC) is a plus.' Recent initiatives (last 6 months) include an emphasis on 'Privacy by Design' to ensure data privacy is not an afterthought, and Pierre Olodo, Cyber Risk Manager, being a finalist for the FAIR Awards.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.