Expert IT Compliance - IT North America

Position Summary

Under the supervision and guidance of her/his primary Community of Practice Lead and Product Group Manager based in Switzerland, the Risk and Compliance Specialist is responsible for implementing, coaching on and supporting an integrated risk, compliance and security management system in accordance with the business risk appetite. The management system enables IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, third-party/vendor, information security and procurement. The Risk and Compliance Specialist ensures that teams can drive all their risk, compliance and security requirements through the management system, so that products and platforms are compliant, secure and meet the business risk appetite. To enable this, s/he is responsible for providing the tools, processes and frameworks that support IT Compliance and for conducting IT controls testing.

A day in the life of...

General Outputs
Responsible for implementing, coaching on and reporting on Risk, Compliance & Security through the Compliance and Information Security management system within IT:
• Supports risk identification and controls mapping for all solutions and processes in products/product groups and other IT teams, using the Nestlé Security, Risk & Compliance framework and management system
• Responsible for conducting controls testing, management system reviews and reporting to assess IT compliance and the management system
• Supports all IT teams in identifying and applying internal and external (legal, regulatory and commercial) compliance requirements
• Coaches and supports teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system
• Provides guidance and support to IT teams in implementing the required IT compliance by design in their solutions, to meet the level of compliance maturity and risk appetite defined in the Framework
• Responsible for tracking compliance through relevant metrics
• Advises on and promotes the importance of IT-related Risk, Compliance and Security outside the IT community.

Tools, Processes and Frameworks
Responsible for implementing and sustaining the tools and processes for the Nestlé Compliance & Information Security Management System:
• Implements tools and processes to support an integrated Risk, Compliance & Security Framework (including regulatory requirements such as PCI, GDPR and Quality)
• Maintains the management system through continuous review and evaluation of external frameworks and standards (e.g. ISO 27001, COBIT, NIST, ITIL)
• Maintains and develops the Cyber Risk Framework to address the evolving risk environment
• Develops and sustains the Controls Library by translating regulatory and industry standards into actionable control points
• Collaborates with Audit, IT and NBE support functions to ensure one source of truth by integrating the reporting of corrective & preventative actions and audit findings
• Implements and sustains processes with Legal, Quality and Corporate Compliance to ensure IT teams are able to identify and apply internal and external (legal, regulatory and commercial) compliance requirements.

Regulatory & Audit Outputs
• Supports the execution of IT audit activities and requests
• Works with IT teams and internal and external auditors, tracking and following up all IT audit, internal review and regulatory findings as corrective & preventative actions through the management system
• Validates that root causes have been addressed prior to closure of corrective & preventative actions
• Supports IT teams in providing the required levels of documentation and evidence to support audit and regulatory requirements
• Ensures all IT teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal and external requirements.

Capability & Organizational Outputs
• Acts as partner to all IT units for IT compliance questions and advice
• Drives the development and roll-out of the Risk, Compliance & Security competency framework for the IT Workforce Planning & Management team, including the roll-out and tracking of awareness and behaviour training
• Performs risk assessments according to the agreed Risk & Compliance framework in collaboration with IT teams, and/or coaches teams to ensure consistency

What will make you successful

• 5+ years of experience in a combination of risk management, compliance, information security and IT roles, of which more than 4 years in a senior leadership role

• Undergraduate degree in the field of computer science, law, IT security, quality management or business administration; graduate degree in one of these fields preferred

• Industry-related compliance, risk or security management certification is preferred

• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues

• Experience developing and submitting IT audit and compliance reports
• Experience with effective communication at different levels in the organization and in English

• Experience having worked in a global environment and with virtual teams

Ciudad de Mexico, MX, 11520