About IT In Nestlé

We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company of the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value.
 

To strengthen our IT Procurement/Mexico hub, we are looking for an IT Procurement Business System Analyst to complete our Source to Pay Department.

Under the supervision and guidance of your primary Community of Practice Lead and Product Manager based in Barcelona you will be responsible for one or several products within a product group and you will be responsible to serve as a liaison between Procurement and IS/IT. You will be accountable for the Procurement interface with IT to translate opportunities and issues supporting and and advising the best solutions. You will further translate business strategies, opportunities and needs into IS/IT product requirements, and plays a key role within the product team to specify, test and deploy those IT solutions.

Position Snapshot

Location: Nestlé México

Stream: IT Security And Compliance

Type of Contract: Permanent

Under the supervision and guidance of her/his primary Community of Practice Lead and Product Manager based in Switzerland, the Sr Risk and Compliance IT Specialist is responsible for implementing, coaching and supporting an integrated risk, compliance and security management systems in accordance to the business risk appetite. The management systems enable the IT teams globally to identify, document, measure and address its compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement. The Risk and Compliance Specialist's responsibilities include ensuring the teams are able to drive all their risks, compliance and security requirements through the management system, ensuring compliant and secure products & platforms meeting the business risk appetite. To enable this, s/he is responsible for providing the tools, processes and frameworks to support IT Compliance in Nestle and for conducting IT controls testing .

Key Responsibilities:

General Outputs
Responsible for coaching and reporting on Risk, Compliance & Security through the Nestlé Compliance and Information Security management system within IT:
• Supports risk identification and controls mapping for all solutions and processes in product/product groups and other IT teams using the Nestlé Security, Risk & Compliance framework and management system
• Responsible for conducting controls testing, management system reviews and reporting to assess the IT compliance and management system
• Supports all IT teams in identifying and applying Internal and External (legal, regulatory and commercial) compliance requirements
• Coaches and supports teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system
• Provides guidance and support to IT teams in implementing by design the required IT compliance in their solutions to meet the desired level of compliance maturity and risk appetite in the Nestlé Framework 
• Responsible for tracking the compliance through relevant metrics
• Advise on and promote importance of IT related Risk, Compliance and Security outside the IT community
• Contributes to IT Security and Compliance on-boarding of Nestlé acquired businesses

Tools, Processes and Frameworks
Responsible for implementing and sustaining the tools and process for the Nestlé Compliance & Information Security Management System:
• Implements tools and process to support an integrated Risk, Compliance & Security Framework (including regulatory requirements PCI, GDPR Quality etc.)
• Maintains the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.)
• Maintains and develops the Nestlé Cyber Risk Framework to address the evolving risk landscape
• Develops and sustains the Controls Library by translating Nestlé, Regulatory & Industry standards into actionable control points
• Collaborate with Audit, IT & Nestlé support functions to ensure one source of truth through integration of reporting corrective & preventative actions and audit findings 
• Implement and sustain processes with Legal, Quality and Corporate Compliance to ensure IT teams are able to identifying and applying internal and external (legal, regulatory and commercial) compliance requirements
• Processes and procedures for lifecycle management of all technology compliance policies, standards and frameworks in Nestlé, including exceptions management
• Responsible for defining maintaining an integrated risk, compliance & security index (KPIs)

Regulatory & Audit Outputs
• Supports the execution of IT audit activities and requests
• Works with IT teams and internal and external Auditors, tracking and following up all IT audits, internal review or regulatory findings as corrective & preventative actions through the management systems
• Validates root causes have been addressed prior to closure of corrective & preventative actions 
• Supports IT teams in ensuring the required levels of documentation and evidence to support audit and regulatory requirements
• Ensures all IT teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal & external requirements
• Drives root cause analysis across audits and reviews to identify and document required improvements in tools, processes and documentation
• Supports IT teams in the execution and follow-up of Partner Compliance Audits (including cloud)

Required Profile:

• 6+ years of experience in a combination of risk management, compliance, information security and IT jobs - thereof >3 years in a senior role
• Undergraduate degree in the field of computer science, law, IT Security, Quality Management or business administration; graduate degree in one these fields preferred
• Industry-related compliance, risk or security management certification is preferred. Valuable Certifications: ISO 27000 (any is valuable), or CISM, or CISA, or CRISC, or COBIT. Desirable only.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues
• Experience developing and submitting IT audit and compliance reports
• Experience with effective communication at different levels in the organization and in English
• Experience having worked in a global environment and with virtual teams