
Cyber and Digital Security Senior Specialist - Digital Security - WAF

Esplugues Llobregat, B, ES, 08950

Position Snapshot

Nestlé Global Tech Hub in Barcelona, Spain 

Undefined period of time contract, act. rate 100%

About IT in Nestlé

We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company of the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value. 

  

In order to complete our Security & Compliance Department, we are currently looking for a Cyber and Digital Security Senior Specialist - Digital Security. 

Position Summary

In this position, you are responsible for establishing and maintaining security products, platforms and solutions designed to mitigate IS/IT risks across Nestlé Group to ensure that information assets are adequately protected. You are responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. As Senior Cyber and Digital Security Specialist you are required to be a visionary leader with strong skills in business management and a working knowledge of information security technologies. You will proactively work with IS/IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IS/IT Product Groups, you represent Security in various core team meetings. The Senior Cyber and Digital Security Specialist continuously researches and stays on top of emerging security threats, technologies and trends. 

Key responsibilities

•    Directly contribute to growth and development related to our Web Application Firewall (WAF) solution and practices. 
•    Analyze and develop policies and solutions to support WAF security on an enterprise scale.
•    Liaise with IT teams and vendors to implement, improve and solve operational issues related to WAFs.
•    Contribute to the WAF program by reviewing, analyzing, developing and deploying security policies. 
•    Review threats and ensure that blocking efficacy is high.
•    Assist with project efforts to design security controls and processes that solve business problems.
•    Serve as a security expert in Web Application Security, helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices.
•    Conduct systematic security assessments of Digital Solutions (Web Sites, Mobile and Social Media Applications, Cloud Solutions and associated infrastructure, etc.) to identify security risks. 
•    Play a key role in maturing and automating application security testing processes
•    Actively guide the application development teams to help them comply with published Policies and Standards
•    Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite

Also:

•    Drive the development and implementation of standard security review processes that result in effective methods for reducing security risks before product releases.
•    Ensure new products, platforms and solutions are implemented "Secure & Compliant by Design". 
•    Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices. 
•    Work directly with IS/IT Product Managers, BRMs and IS/IT Customers to facilitate business IS/IT risk assessment and risk management processes, and work with stakeholders through the enterprise on identifying acceptable levels of residual risk. 
•    Facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings. 
•    Provide strategic risk guidance for IS/IT projects and product management, including the evaluation and recommendation of technical controls. 
•    Liaise with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures. 
•    Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings. 
•    Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations. 
•    Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required. 
•    Understand and interact with related disciplines to ensure the consistent application of policies and standards across all product groups; technology projects and systems, including, but not limited to, privacy, risk management, compliance and business continuity management. 
•    Work closely with Enterprise Architects, other functional area architects and other Security Specialists to ensure adequate security solutions are in place throughout all IS/IT products and platforms to mitigate identified risks sufficiently and to meet business objectives and regulatory requirements. 
•    Develop the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.  
•    Contribute to the alignment of security governance with EA governance and product and other portfolio management. 
•    Maintain and enhance the documentation standard for discoveries and reporting of malicious tactics, techniques, and procedures.

Required Profile

•    Degree in business administration or a technology-related field, or equivalent work- or education-related experience 
•    8+ years of experience in a combination of risk management, information security and IS/IT jobs — at least four must be in a senior leadership role 
•    Employment history must demonstrate increasing levels of responsibility 
•    Strong understanding of on-premise and cloud-based Web Application Firewall technologies.
•    Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment 
•    Experience with contract and vendor negotiations 
•    Experience in effective communication at different levels in the organization and in English 
•    Preference to have worked in a global environment and with virtual teams 
•    Knowledge and understanding of relevant legal and regulatory requirements, General Data Protection Regulation (GDPR), Payment Card Industry/Data Security Standard (PCI) or relevant local or global laws, standards and regulations 
•    Professional security management certification, such as a CISSP, CISA, OSCP, GIAC or other similar credentials, is preferred 
•    Knowledge of common information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST 
•    Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences 
•    Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment and meet overall objectives 
•    Project management skills; financial/budget management, scheduling and resource management 
•    Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals 
•    Ability to work well under minimal supervision 
•    Poise and ability to act calmly and competently in high-pressure, high-stress situations 
•    Must be a critical thinker with strong problem-solving skills 
•    High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity 
•    High degree of initiative, dependability and ability to work with little supervision 
•    High degree of ethical standards and values 

Join Us!

Show us that you are an enthusiastic, curious, fast-learning team player who is used to working with agile practices. Your ability to be flexible and self-motivated, and your willingness to deliver on a deadline, will set you apart from the other candidates. Please don’t hesitate and apply in English at www.nestle.com/jobs. We are excited to hear from you! 

 The Nestlé Group is the world’s largest food and beverage company with 89.8 billion Swiss Francs in sales in 2017. It is present in 189 countries around the world, has 413 factories and its 323,000 employees are committed to Nestlé’s purpose of enhancing quality of life and contributing to a healthier future. Nestlé offers a wide portfolio of products and services for people and their pets throughout their lives. Its more than 2000 brands range from global icons like Nescafé or Nespresso to local favorites. Company performance is driven by its Nutrition, Health and Wellness strategy. Nestlé is based in the Swiss town of Vevey where it was founded more than 150 years ago. Learn more about our Group and reasons to join us on www.nestle.com
