Position Snapshot

• Headquarters of Nestlé in Milan, Italy;
• IT Security and Compliance Department;
• Permanent contract;
• Full-time work in a global environment;
• Master or Bachelor’s degree in Business administration, Technology-related field or equivalent;
• 5+ years of experience in a combination of risk management, information security and IT jobs — Microsoft certifications are preferred.
• Experience in effective communication at different levels in the organization and in English

Position Summary

Joining Nestlé means you are joining the largest food and beverage company in the world! We are inspired to innovate. We embrace the diverse and fast-changing digital world as source of endless challenge, inspiration, and new possibilities. you are responsible for establishing and maintaining IT security products, platforms and solutions designed to mitigate IT risks across Nestlé Group to ensure that information assets are adequately protected. You are responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. The Cyber and Digital Security Specialist will proactively work with IT and business units to implement practices that meet defined policies and standards for information security.
 

A day in the life of Cyber and Digital Security Specialist - Windows & Azure

• Conduct systematic security assessments of IT Solutions to identify security risks
• Ensure Microsoft on prem or Azure products (based on the focus of the role), platforms and solutions are implemented "Secure & Compliant by Design”
• Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address and remediate findings
• Provide strategic risk guidance for IT projects and product management, including the evaluation and recommendation of technical controls
• Liaise with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures
• Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings
• Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations

What will make you successful

• Successful experience in implementing cyber security with IT teams and products 
• Experience with PKI (i.e. Windows, Keyfactor, Digicert ) SSO and MFA, Azure Cloud technologies, AD or AAD, GPO, Powershell scripting.
• Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment
• Preference to have worked in a global environment and with virtual teams
• Knowledge and understanding of relevant legal and regulatory requirements, General Data Protection Regulation (GDPR), Payment Card Industry/Data Security Standard (PCI) or relevant local or global laws, standards and regulations;
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
• Knowledge of common information security management frameworks, such as ISO 27001, IS/ITIL, COBIS/IT and NIST