Global Tech Hub BCN - Risk and Compliance Specialist - IS/IT Compliance Management

Esplugues Llobregat, B, ES, 08950

About IT in Nestlé

We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company in the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value.

Position Snapshot

Location: Barcelona, Global Tech Hub

Full-time
Bachelor’s Degree
4+ years of experience in the Risk and Compliance area

Position Summary

In order to complete our IS/IT Security & Compliance Department, we are currently looking for a Risk and Compliance Specialist – IS/IT Compliance Management.

In this position, you will be responsible for implementing, coaching and supporting integrated risk, compliance and security management systems in accordance with the business risk appetite. The management systems enable the IS/IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement. The Risk and Compliance Specialist's responsibilities include ensuring the teams are able to drive all their risk, compliance and security requirements through the management system, ensuring compliant and secure products & platforms meeting the business risk appetite. To enable this, you will be responsible for providing the tools, processes and frameworks to support IS/IT Compliance in Nestlé and for conducting IS/IT controls testing.

A day in the life of...

  • Support risk identification and control mapping for all solutions and processes in product/product groups and other IS/IT teams using the Nestlé Security, Risk & Compliance framework and management system
  • Responsible for conducting controls testing, management system reviews and reporting to assess the IS/IT compliance and management system
  • Support all IS/IT teams in identifying and applying Internal and External (legal, regulatory and commercial) compliance requirements
  • Coach and support teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system
  • Provide guidance and support to IS/IT teams in implementing by design the required IS/IT compliance in their solutions to meet the desired level of compliance maturity and risk appetite in the Nestlé Framework
  • Responsible for tracking the compliance through relevant metrics
  • Advise on and promote importance of IS/IT related Risk, Compliance and Security outside the IS/IT community
  • Implement tools and processes to support an integrated Risk, Compliance & Security Framework (including regulatory requirements PCI, GDPR, Quality etc.)
  • Maintain the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.)
  • Sustain the Controls Library by translating Nestlé, Regulatory & Industry standards into actionable control points
  • Collaborate with Audit, IS/IT & NBE support functions to ensure one source of truth through integration of reporting corrective & preventative actions and audit findings
  • Sustain processes with Legal, Quality and Corporate Compliance to ensure IS/IT teams are able to identify and apply internal and external (legal, regulatory and commercial) compliance requirements
  • Processes and procedures for lifecycle management of all technology compliance policies, standards and frameworks in Nestlé, including exceptions management
  • Responsible for defining and maintaining an integrated risk, compliance & security index

And...

  • Support the execution of IS/IT audit activities and requests
  • Work with IS/IT teams and internal and external Auditors, tracking and following up all IS/IT audits, internal review or regulatory findings as corrective & preventative actions through the management systems
  • Validate root causes have been addressed prior to closure of corrective & preventative actions
  • Support IS/IT teams in ensuring the required levels of documentation and evidence to support audit and regulatory requirements
  • Ensure all IS/IT teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal & external requirements
  • Drive root cause analysis across audits and reviews to identify and document required improvements in tools, processes and documentation
  • Support IS/IT teams in the execution and follow-up of Partner Compliance Audits (including cloud)
  • Act as partner to all IS/IT units for IS/IT compliance questions and advice
  • Drive the development & roll out of the Risk, Compliance & Security competency framework for IS/IT Workforce Planning & Management team including the roll out and tracking of the awareness and behavior training
  • Coach & train IS/IT teams on the implementation and management of controls
  • Train IS/IT teams on standards, policies, frameworks and regulatory requirements

Are you a fit?

  • 4+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs
  • Undergraduate degree in the field of computer science, law, IS/IT Security, Quality Management or business administration; graduate degree in one of these fields preferred
  • Industry-related compliance, risk or security management certification is preferred
  • Demonstrated ability to apply IS/IT-related knowledge and experience in solving compliance issues
  • Experience developing and submitting IS/IT audit and compliance reports
  • Direct experience and knowledge of regional, national and local information technology laws and regulations
  • Good knowledge of technology environments
  • Demonstrated understanding of cloud services, data processing, hardware platforms, enterprise software applications and outsourced systems
  • General knowledge of business theory, processes, management, budgeting & office operations
  • Solid understanding of product management principles
  • Experience with effective communication at different levels in the organization and in English
  • Experience having worked in a global environment and with virtual teams

Show us that you are an enthusiastic, curious, fast learner and team player who is used to working with agile practices. Your ability to be flexible, self-motivated and your willingness to deliver on a deadline will set you apart among the other candidates. Please don’t hesitate and apply in English at www.nestle.com/jobs. We are excited to hear from you!
