IS/IT Risk and Compliance Senior Specialist - Information Security

Esplugues Llobregat, B, ES, 08950

About IT in Nestlé

We are a multicultural and diverse team of IT professionals driving the biggest IT operations landscape and digital transformation of the FMCG industry. We work with leading technologies and solutions to enable Nestlé to engage with millions of consumers worldwide. We transform how we use data with machine learning and advanced analytics, and introduce automation to drive industry 4.0 opportunities in areas including supply chain and manufacturing.

We look for people who are curious, courageous, innovative, collaborative and passionate about new technologies. We want to hear from people who have the courage to challenge, who believe the only way of moving forward is by doing, and who look for solutions to improve the lives of our consumers.

If this is you and you want to make an impact globally, join us and there will be no limits to your career.

#makeITpossible at Nestlé.

Position Snapshot

Location: Barcelona, Global Tech Hub 

Permanent contract

Full-time position

Position Summary

In order to complete our IS/IT Security & Compliance Department, we are currently looking for a Senior Risk and Compliance Specialist – Information Security.

Under the supervision and guidance of his/her Product Manager, the Senior Risk and Compliance Specialist – Information Security will be responsible for implementing, coaching and improving an integrated risk, compliance and security management system in accordance with the business risk appetite. The management system enables the IS/IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement. The Risk and Compliance Specialist's responsibilities include ensuring the teams are able to drive all their risk, compliance and security requirements through the management system, thus ensuring they deliver and sustain compliant and secure products & platforms meeting the business risk appetite. To enable this, you will be responsible for supporting the definition of, and providing, the tools, processes and frameworks to support IS/IT risk & control management in Nestlé.

A day in the life
  • Support risk identification and control mapping for all solutions and processes in product/product groups and other IS/IT teams using the Nestlé Security, Risk & Compliance framework and management system. Coach and support teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system
  • Responsible for conducting management system reviews and reporting to assess the IS/IT compliance and management system, including collaborating with internal and external auditors and tracking and following up all IS/IT audit, internal review or regulatory findings as corrective & preventative actions through the management system
  • Provide guidance and support to IS/IT teams in implementing by design the required IS/IT compliance in their solutions to meet the desired level of compliance maturity and risk appetite in the Nestlé Framework
  • Maintain the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.), including implementing tools and processes to support an integrated Risk, Compliance & Security Framework (including regulatory requirements such as PCI, GDPR, Quality etc.)
  • Contribute to the maintenance and development of the Cyber Risk Framework & Controls library to address the evolving risk environment, and translate Regulatory & Industry standards into the Nestlé context as control points
  • Support the roll out & evolution of the Risk, Compliance & Security competency framework, including the roll out and tracking of the awareness and behavior training. Coach & train IS/IT teams on the implementation and management of controls, and train IS/IT teams on standards, policies, frameworks and regulatory requirements
  • Ensure all IS/IT teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal & external requirements.
Are you a fit?
  • 8+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs and 4+ years in a leadership role
  • Undergraduate degree in the field of computer science, law, IS/IT Security, Quality Management or business administration; graduate degree in one of these fields preferred
  • IS/IT compliance, risk or security management certification is preferred
  • Demonstrated ability to apply IS/IT-related knowledge and experience in solving complex cyber security problems
  • Experience developing and submitting IS/IT audit and compliance reports
  • Direct experience and knowledge of regional, national and local information technology laws and regulations
  • Demonstrated understanding of cloud services, data processing, hardware platforms, enterprise software applications and outsourced systems
  • General knowledge of business theory, processes, management, budgeting & office operations
  • Solid understanding of product management principles
  • Experience with effective communication at different levels in the organization and in English
  • Experience having worked in a global environment and with virtual teams.