
ISIT Risk & Compliance Specialist - Information Technology

Esplugues Llobregat, B, ES, 08950

Position Snapshot


Location: Barcelona, Global Tech Hub 
Full-time 
Bachelor’s Degree  
4+ years of experience in a combination of Risk Management, compliance and IS/IT jobs.
 

About IT at Nestlé



We are a multicultural and diverse team of IT professionals driving the biggest IT operations landscape of the FMCG industry, and a Digital Transformation at scale. We work with leading technologies and top external partners to provide solutions to enable Nestlé to engage with millions of consumers and customers worldwide. We look for people who are curious, courageous, innovative, collaborative and passionate about new technologies. We want to hear from candidates who have the courage to challenge; who believe the only way of moving forward is by doing and who look for solutions to improve the lives of our consumers through responsible use of technology.

Position Summary

 

In order to complete our IS/IT Security & Compliance Department, we are currently looking for a Risk and Compliance Specialist – Information Security.
 

Under the supervision and guidance of his/her Product Manager, the Senior Risk and Compliance Specialist – Information Security will be responsible for implementing, coaching and improving an integrated risk, compliance and security management system in accordance with the business risk appetite. The management system enables the IS/IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement. The Risk and Compliance Specialist's responsibilities include ensuring the teams are able to drive all their risk, compliance and security requirements so that they deliver and sustain compliant and secure products & platforms that meet the business risk appetite. To enable this, you will be responsible for supporting the definition of, and providing, the tools, processes and frameworks that support IS/IT risk & control management in Nestlé.

A day in the life of...

 

  • Support risk identification and control mapping for all solutions and processes in product/product groups and other IS/IT teams using the Nestlé Security, Risk & Compliance framework and management system. 
  • Coach and support teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system.
  • Conduct management system reviews and reporting to assess the IT compliance and management system, including collaborating with internal and external auditors and tracking and following up all IS/IT audits, internal reviews or regulatory findings as corrective & preventative actions through the management system.
  • Maintain the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.), including implementing tools and processes to support an integrated Risk, Compliance & Security Framework (including regulatory requirements PCI, GDPR, Quality etc.).
  • Contribute to the maintenance and development of the controls to address the evolving risk environment, automation and translation of Regulatory & Industry standards into Nestlé as control procedures, metrics and scripts.
  • Ensure all IS/IT teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal & external requirements. 

What will make you successful

 

  • 4+ years of experience in a combination of risk management and information security and IS/IT jobs.
  • Undergraduate degree in the field of computer science, IT Security, Quality Management or business administration; graduate degree in one of these fields preferred.
  • IT risk management or security management certification is preferred.
  • Demonstrated ability to apply IS/IT-related knowledge and experience in solving complex cyber security problems.
  • Strong facilitation skills in the area of risk assessments required.
  • Script & report development experience in Power BI, SQL, PowerShell, Python, Power Automate preferred.
  • Demonstrated understanding of GRC tools and data processing 
  • General knowledge of business requirements, processes and management
  • Experience with effective communication at different levels in the organization and in English.
  • Experience having worked in a global environment and with virtual teams.
  • Assist with development and implementation of the information security approach for Mergers & Acquisitions
  • Preparing and executing a comprehensive project plan for an acquisition in relation to Information Security due diligence
  • Perform comprehensive Due Diligence from an Information Security perspective
  • Establishing effective stakeholder management within the acquired organization, including business teams and technical teams
  • Ensure timely delivery of Information Security M&A projects
  • Manage Information Security stakeholders from both ends and ensure that deliverables are agreed and met
     

We offer an attractive and dynamic international working environment with constant opportunities for development, reflecting our conviction that people are our most important asset. 

If you want to work in an international multi-discipline team, believe you have the right profile and are looking for a development opportunity, apply now in English on our career website www.nestle.com/jobs
