
Risk & Compliance FRM-211167

Position Snapshot

- Business Unit/Function: IT

- Location: Beijing

 

Main Purpose of Job

The IT Risk & Compliance Functional Relationship Manager will partner with the IT Security & Compliance Manager, Market IT Business Relationship Managers, IT Product Managers and Business & IT Application Owners to implement and sustain the Nestlé Security & Compliance frameworks. S/He ensures the proper implementation, management and follow-up of Risk, Compliance & Security within the market. S/He will be responsible for the Information Security Management System (ISMS) of the unit, ensuring that Security & Compliance is structured in the market and bringing S&C requirements to any local initiative. S/He works with the market IT Application Owners to ensure new and existing solutions are implemented and sustained secure & compliant by design.
S/He will support the alignment of local business requirements and local Regulatory & Legal IT Compliance requirements with the Security & Compliance Product teams through the use of the ISMS Framework. S/He advocates and supports the deployment of global security & compliance solutions. S/He will be responsible for driving awareness of Security & Compliance practices, standards and behaviors across the market organization, including senior stakeholders.

 

Key Outputs:

General Outputs
• Partner with internal and external stakeholders to define, plan, execute and refine strategy, definitions, and roadmaps to execute the market’s Information Security Management System (ISMS) and maintain the market’s ISO 27001 certification
• Accountable for ensuring all applications within their market are delivered and maintained secure and compliant with internal standards and external regulations, including privacy requirements, Business Continuity Plans etc.
• Supports the prompt deployment of global Security & Compliance solutions and processes in the market
• Responsible for tracking the market security & compliance posture through relevant metrics and driving continuous improvement through the management system

 

Information Security Management
• Plan/execute the market’s Information Security Management System (ISMS)
• Provide process, standard routines and control procedures to enable secure and compliant by design applications
• Drive the continuous improvement of Security & Compliance posture by leading the Risk, Control & Applications owners through the ISMS Framework
• Ensure the implementation of IT Standards and Global Controls
• Track & report on Risk, Control & Remediation maturity
• Support the adoption of the appropriate metrics for tracking risks & controls
• Ensure Information Security risk & control posture is aligned with market management

 

Risk management
• Ensures risk identification and controls mapping for all solutions and processes in market using the Nestlé Risk, Compliance & Security framework
• Ensures Risk, Compliance & Security gaps within the market are documented in corrective & preventative actions and tracked through the management system
• Presents IT Risk posture to market management and provides input to Enterprise Risk Management processes in the market

 

Support & Incident Response
• Ensures market engagement in Security Incident & Event response; acts as the first point of contact in the market for the Cyber Security Operations Center (CSOC)
• Prioritizes issues and escalations on behalf of receivers
• Provides insight into business disruptions caused by P1/P2 incidents and unplanned outages

 

Regulatory & Audit Outputs
• Coordinates all IT-related audit requests in the market
• Represents the market teams with the auditors and supports the market in providing documentation required to meet regulatory requirements (e.g. PCI, GxP)
• Tracks and follows up market audit, internal review or regulatory findings as corrective & preventative actions through the management system
• Validates root causes have been addressed prior to closure of corrective & preventative actions
• Works with Risk, Compliance & Security function to identify required levels of documentation and evidence to support audit and regulatory requirements
• Ensures the market is trained in reporting Risk, Compliance & Security incidents and events to meet internal & external requirements
• Supports market in the execution and follow-up of Partner Compliance Audits (including cloud)

 

Capability & Organizational Outputs
• Supports and advises IT & business application owners in any IS/IT compliance questions
• Oversees the development & roll out of the Risk, Compliance & Security capability framework for their unit
• Rolls out, promotes and tracks the Security & Compliance awareness and behaviour training for the market
• Performs risk assessments according to the agreed Risk & Compliance framework, and/or coaches others in performing them to ensure consistency
• Coaches & trains local teams on the implementation and management of risks, controls and corrective actions through the implementation of the Nestlé Compliance & Information Security Management System
• Trains market teams on standards, policies, frameworks and regulatory requirements
• Identifies gaps between the desired level of compliance capability and the current level of maturity, and proposes and implements adjustments in capability development for the market

 

Key Experiences:

• Bachelor’s Degree in computer science, information security, quality management, business administration, or other analytical or scientific discipline, or equivalent experience is required
• 8+ years of experience in information technology or related function
• 7+ years of experience in information security and compliance or data privacy is required
• Stakeholder management experience with proven record of successfully managing complex stakeholder network
• Experience working for or with a global matrixed organization including with virtual teams
• Experience with and strong knowledge of common information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST
• Industry-related/Professional compliance, risk or security management certification is preferred. (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ISO27001 Lead Auditor/Implementer etc.)

 

211167 /51 /ZP /LP

We are Nestlé, the largest food and beverage company. We are 308,000 employees strong driven by the purpose of enhancing the quality of life and contributing to a healthier future. Our values are rooted in respect: respect for ourselves, respect for others, respect for diversity and respect for our future. With more than CHF 91.4 billion sales in 2018, we have an expansive presence with 413 factories in more than 85 countries. We believe our people are our most important asset, so we'll offer you a dynamic inclusive international working environment with many opportunities across different businesses, functions and geographies, working with diverse teams and cultures. Want to learn more? Visit us at www.nestle.com.

Beijing, CN