
Senior Cyber and Digital Security Expert - Multi-Cloud

Esplugues Llobregat, B, ES, 08950

About IT Nestlé

We are a multicultural and diverse team of IT professionals driving the biggest IT operations landscape and digital transformation of the FMCG industry. We work with leading technologies and solutions to enable Nestlé to engage with millions of consumers worldwide. We transform how we use data with machine learning and advanced analytics, and introduce automation to drive Industry 4.0 opportunities in areas including supply chain and manufacturing.

We look for people who are curious, courageous, innovative, collaborative and passionate about new technologies. We want to hear from people who have the courage to challenge, who believe the only way of moving forward is by doing, and who look for solutions to improve the lives of our consumers.

If this is you and you want to make an impact globally, join us and there will be no limits to your career.

#makeITpossible at Nestlé.

In order to complete our Security & Compliance Department, we are currently looking for a Senior Cyber and Digital Security Expert – Multi-Cloud. 

Position Snapshot
  • Location: Nestlé Global Tech Hub (Barcelona, Spain)
  • Permanent contract
  • Full-time position
Position Summary

In this position, you are responsible for establishing and maintaining security products, platforms and solutions designed to mitigate IS/IT risks across Nestlé Group to ensure that information assets are adequately protected. You are responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. As Senior Cyber and Digital Security Specialist you are required to be a visionary leader with strong skills in business management and a working knowledge of information security technologies. You will proactively work with IS/IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IS/IT Product Groups, you represent Security in various core team meetings. The Senior Cyber and Digital Security Specialist continuously researches and stays on top of emerging security threats, technologies and trends.

Key Responsibilities
  • Conduct systematic security assessments of Digital Solutions (Web Sites, Mobile and Social Media Applications, Cloud Solutions and associated infrastructure, etc.) to identify security risks.
  • Ensure new products, platforms and solutions are implemented "Secure & Compliant by Design".
  • Develop, maintain and publish up-to-date security policies, standards, and guidelines, and oversee training and dissemination of security policies and practices.
  • Work directly with IS/IT Product Managers, BRMs and IS/IT Customers to facilitate business IS/IT risk assessment and risk management processes, and work with stakeholders through the enterprise on identifying acceptable levels of residual risk.
  • Facilitate a metrics and reporting framework in collaboration with the Office of the CIO to measure the efficiency and effectiveness of the program, promoting appropriate resource allocation, and increase the maturity of the security.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection.
  • Liaise with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
  • Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations.
  • Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event, and provide direction, support and in-house consulting in these areas.
  • Serve as a security expert in DevOps, application development, infrastructure design and deployment, database design, network and/or platform (operating system) efforts, helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices.
  • Maintain and enhance the documentation standard for discoveries and reporting of malicious tactics, techniques, and procedures.
What will make you successful
  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience
  • 7+ years of experience in a combination of risk management, information security and IS/IT jobs
  • Employment history must demonstrate increasing levels of responsibility
  • High degree of experience with Azure and/or AWS and/or GCP related to securing administration, deployment, management and automation technologies for or in large organizations
  • Successful experience in implementing cyber security with Digital teams and products (eCommerce or Industry 4.0)
  • Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment
  • Preference to have worked in a global environment and with virtual teams
  • Knowledge and understanding of relevant legal and regulatory requirements, General Data Protection Regulation (GDPR), Payment Card Industry/Data Security Standard (PCI) or relevant local or global laws, standards and regulations
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • Must be a critical thinker with strong problem-solving skills
  • High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.