Global Tech Hub BCN-Senior Risk and Compliance Specialist - Information Security

Esplugues Llobregat, B, ES, 08950

About IT in Nestlé

We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company in the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value.

Position Snapshot

Location: Barcelona, Global Tech Hub 

Full-time 
Bachelor’s Degree  
8+ years of experience in a combination of risk management, compliance, and IS/IT jobs.

Position Summary

In order to complete our IS/IT Security & Compliance Department, we are currently looking for a Senior Risk and Compliance Specialist – Information Security.

Under the supervision and guidance of his/her Product Manager, the Senior Risk and Compliance Specialist – Information Security will be responsible for implementing, coaching and improving an integrated risk, compliance and security management system in accordance with the business risk appetite. The management system enables the IS/IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement. The Risk and Compliance Specialist's responsibilities include ensuring the teams are able to drive all their risk, compliance and security requirements through the management system, thus ensuring they deliver and sustain compliant and secure products & platforms meeting the business risk appetite. To enable this, you will be responsible for supporting the definition of, and providing the tools, processes and frameworks for, IS/IT risk & control management in Nestlé.

A day in the life

  • Support risk identification and control mapping for all solutions and processes in product/product groups and other IS/IT teams using the Nestlé Security, Risk & Compliance framework and management system. Coach and support teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system
  • Conduct management system reviews and reporting to assess IS/IT compliance and the management system. This includes collaborating with internal and external auditors, and tracking and following up on all IS/IT audit, internal review or regulatory findings as corrective & preventative actions through the management system
  • Provide guidance and support to IS/IT teams in implementing by design the required IS/IT compliance in their solutions to meet the desired level of compliance maturity and risk appetite in the Nestlé Framework
  • Maintain the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.), including implementing tools and processes to support an integrated Risk, Compliance & Security Framework (including regulatory requirements such as PCI, GDPR, Quality etc.)
  • Contribute to the maintenance and development of the Cyber Risk Framework & Controls library to address the evolving risk environment and translate Regulatory & Industry standards into the Nestlé context as control points
  • Support the roll out & evolution of the Risk, Compliance & Security competency framework, including the roll out and tracking of the awareness and behavior training. Coach & train IS/IT teams on the implementation and management of controls. Train IS/IT teams on standards, policies, frameworks and regulatory requirements
  • Ensure all IS/IT teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal & external requirements

Are you a fit?

  • 8+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs, of which >4 years in a leadership role
  • Undergraduate degree in the field of computer science, law, IS/IT Security, Quality Management or business administration; graduate degree in one of these fields preferred
  • IS/IT compliance, risk or security management certification is preferred
  • Demonstrated ability to apply IS/IT-related knowledge and experience in solving complex cyber security problems
  • Experience developing and submitting IS/IT audit and compliance reports
  • Direct experience and knowledge of regional, national and local information technology laws and regulations     
  • Demonstrated understanding of cloud services, data processing, hardware platforms, enterprise software applications and outsourced systems
  • General knowledge of business theory, processes, management, budgeting & office operations
  • Solid understanding of product management principles
  • Experience with effective communication at different levels in the organization and in English
  • Experience having worked in a global environment and with virtual teams

Show us that you are an enthusiastic, motivated, fast learner and team player who is used to working with agile practices. Your flexibility, self-motivation and willingness to do whatever it takes to deliver on a deadline will set you apart from the other candidates. Please don’t hesitate and apply in English at www.nestle.com/jobs. We are excited to hear from you!
