Loading...
Share this Job
Apply now »

Cyber and Digital Security Senior Specialist - Security Architecture

Cyber and Digital Security Senior Specialist - Security Architecture

Position Snapshot

Nestlé Global Tech Hub in Barcelona, Spain 

Undefined period of time contract, 

act. rate 100% 

Grade: H

About IT in Nestlé

We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company of the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value. 
 
 
In order to complete our Security & Compliance Department, we are currently looking for a Cyber and Digital Security Senior Specialist - Security Architecture.
 

Key responsibilities

•    Conduct systematic end-to-end security architecture reviews of complex Digital Solutions in several domains (Web, E-Commerce, WebCMS, Mobile, IoT, Cloud and associated infrastructure), helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices.
•    Determine security requirements by evaluating business strategies and requirements following a risk-based approach, evaluate gaps and derived risks, and assess corresponding action plans.
•    Collaborate with software engineers and Architects to improve software security from design to implementation.
•    Develop the business, information and technical artefacts that constitute the enterprise information security architecture and solutions.
•    Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
•    Drive the development and implementation of standard security review processes that result in effective methods for reducing security risks before product releases.
•    Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices. 
•    Defend and impose technical choices from a security perspective.
 

Job Requirements

•    Solid understanding of security architecture best practices and implementation (e.g. security protocols, cryptography, authentication, authorization)
•    Experience determining security requirements by evaluating business strategies and requirements following a risk-based approach, ability to analyze functional and technical needs, and describe associated data flows and security controls needed, interacting with a broad cross-section of personnel to explain and enforce security measures
 

Preferred Qualifications

•    Software development or application security testing experience, and exposed to the OWASP Top 10: including analyzing, architecting fixes for, and leading developers in remediating code-level vulnerabilities 
•    Knowledge of common information security management frameworks, such as ISO 27001, IS/ITIL, COBIS/IT and NIST 
•    Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences 
•    High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity 
•    High degree of initiative, dependability and ability to work with little supervision 
•    Professional security management certification, such as a CISSP, CISA, OSCP, GIAC or other similar credentials, is preferred. 
•    Highly collaborative approach paired with excellent communication skills to balance trade offs, push back and negotiation to reach goals.
 

Education / Years of Experience

•    Degree in business administration or a technology-related field, or equivalent work- or education-related experience. 
•    5+ years of experience in a combination of risk management, information security and IS/IT jobs. 

Join us!

Show us that you are an enthusiastic, curious, fast learner and a team player person who is used to work with agile practices. Your capacity of dialogue and communicate within teams will be key to your success.
Your ability to be flexible, self-motivated and your willingness to deliver on a deadline will set you apart among the other candidates. 


Please apply in English at www.nestle.com/jobs. 

The Nestlé Group is the world’s largest food and beverage company with 89.8 billion Swiss Francs in sales in 2017. It is present in 189 countries around the world, has 413 factories and its 323,000 employees are committed to Nestlé’s purpose of enhancing quality of life and contributing to a healthier future. Nestlé offers a wide portfolio of products and services for people and their pets throughout their lives. Its more than 2000 brands range from global icons like Nescafé or Nespresso to local favorites. Company performance is driven by its Nutrition, Health and Wellness strategy. Nestlé is based in the Swiss town of Vevey where it was founded more than 150 years ago. Learn more about our Group and reasons to join us on www.nestle.com.
 

Position Snapshot

Nestlé Global Tech Hub in Barcelona, Spain 

Undefined period of time contract, 

act. rate 100% 

Grade: H

About IT in Nestlé

We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company of the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value. 
 
 
In order to complete our Security & Compliance Department, we are currently looking for a Cyber and Digital Security Senior Specialist - Security Architecture.
 

Key responsibilities

•    Conduct systematic end-to-end security architecture reviews of complex Digital Solutions in several domains (Web, E-Commerce, WebCMS, Mobile, IoT, Cloud and associated infrastructure), helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices.
•    Determine security requirements by evaluating business strategies and requirements following a risk-based approach, evaluate gaps and derived risks, and assess corresponding action plans.
•    Collaborate with software engineers and Architects to improve software security from design to implementation.
•    Develop the business, information and technical artefacts that constitute the enterprise information security architecture and solutions.
•    Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
•    Drive the development and implementation of standard security review processes that result in effective methods for reducing security risks before product releases.
•    Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices. 
•    Defend and impose technical choices from a security perspective.
 

Job Requirements

•    Solid understanding of security architecture best practices and implementation (e.g. security protocols, cryptography, authentication, authorization)
•    Experience determining security requirements by evaluating business strategies and requirements following a risk-based approach, ability to analyze functional and technical needs, and describe associated data flows and security controls needed, interacting with a broad cross-section of personnel to explain and enforce security measures
 

Preferred Qualifications

•    Software development or application security testing experience, and exposed to the OWASP Top 10: including analyzing, architecting fixes for, and leading developers in remediating code-level vulnerabilities 
•    Knowledge of common information security management frameworks, such as ISO 27001, IS/ITIL, COBIS/IT and NIST 
•    Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences 
•    High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity 
•    High degree of initiative, dependability and ability to work with little supervision 
•    Professional security management certification, such as a CISSP, CISA, OSCP, GIAC or other similar credentials, is preferred. 
•    Highly collaborative approach paired with excellent communication skills to balance trade offs, push back and negotiation to reach goals.
 

Education / Years of Experience

•    Degree in business administration or a technology-related field, or equivalent work- or education-related experience. 
•    5+ years of experience in a combination of risk management, information security and IS/IT jobs. 

Join us!

Show us that you are an enthusiastic, curious, fast learner and a team player person who is used to work with agile practices. Your capacity of dialogue and communicate within teams will be key to your success.
Your ability to be flexible, self-motivated and your willingness to deliver on a deadline will set you apart among the other candidates. 


Please apply in English at www.nestle.com/jobs. 

The Nestlé Group is the world’s largest food and beverage company with 89.8 billion Swiss Francs in sales in 2017. It is present in 189 countries around the world, has 413 factories and its 323,000 employees are committed to Nestlé’s purpose of enhancing quality of life and contributing to a healthier future. Nestlé offers a wide portfolio of products and services for people and their pets throughout their lives. Its more than 2000 brands range from global icons like Nescafé or Nespresso to local favorites. Company performance is driven by its Nutrition, Health and Wellness strategy. Nestlé is based in the Swiss town of Vevey where it was founded more than 150 years ago. Learn more about our Group and reasons to join us on www.nestle.com.
 

Esplugues Llobregat, B, ES, 08950

Esplugues Llobregat, B, ES, 08950

Apply now »