Loading...
Share this Job
Apply now »

Senior Cyber and Digital Security Specialist - Multi-Cloud

Senior Cyber and Digital Security Specialist - Multi-Cloud

Esplugues Llobregat, B, ES, 08950

Esplugues Llobregat, B, ES, 08950

About IT Nestlé

We are a multicultural and diverse team of IT professionals driving the biggest IT operations landscape and digital transformation of the FMCG industry. We work with leading technologies and solutions to enable Nestle to engage with millions of consumers worldwide. We transform how we use data with machine learning, advanced analytics, and introduce automation to drive industry 4.0 opportunities in areas including supply chain and manufacturing.

We look for people who are curious, courageous, innovative, collaborative and passionate about new technologies. We want to hear from people who have the courage to challenge; believe the only way of moving forward is by doing and who look for solutions to improve the lives of our consumers.

If this is you and you want to make an impact globally, join us and there will be no limits to your career.

#makeITpossible at Nestlé.

In order to complete our Security & Compliance Department, we are currently looking for a Senior Cyber and Digital Security Specialist – Multi-Cloud. 

Position Snapshot
  • Location: IT Global Hub (Barcelona, Spain)
  • Permanent contract
  • Full-time position.
Position Summary

In this position, you are responsible for establishing and maintaining security products, platforms and solutions designed to mitigate IS/IT risks across Nestlé Group to ensure that information assets are adequately protected. You are responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. The Cyber and Digital Security Specialist will proactively work with IS/IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IS/IT Product Groups, you will represent Security in various core team meetings. The Cyber and Digital Security Specialist continuously researches and stays on top of emerging security threats, technologies and trends.

Key Responsibilities
  • Conduct systematic security assessments of Digital Solutions (Web Sites, Mobile and Social Media Applications, Cloud Solutions and associated infrastructure, etc.) to identify security risks
  • Ensure new products, platforms and solutions are implemented "Secure & Compliant by Design"
  • Develop, maintain and publish up-to-date security policies, standards, and guidelines, and oversee training and dissemination of security policies and practices
  • Provide periodic reporting on the current status of the information security program to enterprise risk teams, senior business and IS/IT leaders – in collaboration with the Office of the CIO - as part of a strategic enterprise risk management program
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings
  • Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings
  • Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required
  • Understand and interact with related disciplines to ensure the consistent application of policies and standards across all product groups; technology projects and systems, including, but not limited to, privacy, risk management, compliance, and business continuity management
  • Serve as a security expert in DevOps, application development, infrastructure design and deployment, database design, network and/or platform (operating system) efforts, helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices
  • Maintain and enhance the documentation standard for discoveries and reporting of malicious tactics, techniques, and procedures.
Required Profile
  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience
  • 5+ years of experience in a combination of risk management, information security and IS/IT jobs
  • Experience in complex enterprise environments and current technology areas like cloud and mobility
  • Hands-on experience with Azure and/or AWS and/or GCP related to administration, security, deployment, management and automation technologies
  • DevOps experience building and deploying infrastructure with cloud deployment, build and test automation technologies
  • Successful experience in implementing cyber security with Digital teams and products (eCommerce or Industry 4.0)
  • Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment
  • Experience in effective communication at different level in the organization and in English
  • Preference to have worked in a global environment and with virtual teams
  • Knowledge and understanding of relevant legal and regulatory requirements, General Data Protection Regulation (GDPR), Payment Card Industry/Data Security Standard (PCI) or relevant local or global laws, standards and regulations
  • Knowledge of common information security management frameworks, such as ISO 27001, IS/ITIL, COBIS/IT and NIST
  • Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment and meet overall objectives
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must be a critical thinker with strong problem-solving skills
  • High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
About IT Nestlé

We are a multicultural and diverse team of IT professionals driving the biggest IT operations landscape and digital transformation of the FMCG industry. We work with leading technologies and solutions to enable Nestle to engage with millions of consumers worldwide. We transform how we use data with machine learning, advanced analytics, and introduce automation to drive industry 4.0 opportunities in areas including supply chain and manufacturing.

We look for people who are curious, courageous, innovative, collaborative and passionate about new technologies. We want to hear from people who have the courage to challenge; believe the only way of moving forward is by doing and who look for solutions to improve the lives of our consumers.

If this is you and you want to make an impact globally, join us and there will be no limits to your career.

#makeITpossible at Nestlé.

In order to complete our Security & Compliance Department, we are currently looking for a Senior Cyber and Digital Security Specialist – Multi-Cloud. 

Position Snapshot
  • Location: IT Global Hub (Barcelona, Spain)
  • Permanent contract
  • Full-time position.
Position Summary

In this position, you are responsible for establishing and maintaining security products, platforms and solutions designed to mitigate IS/IT risks across Nestlé Group to ensure that information assets are adequately protected. You are responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. The Cyber and Digital Security Specialist will proactively work with IS/IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IS/IT Product Groups, you will represent Security in various core team meetings. The Cyber and Digital Security Specialist continuously researches and stays on top of emerging security threats, technologies and trends.

Key Responsibilities
  • Conduct systematic security assessments of Digital Solutions (Web Sites, Mobile and Social Media Applications, Cloud Solutions and associated infrastructure, etc.) to identify security risks
  • Ensure new products, platforms and solutions are implemented "Secure & Compliant by Design"
  • Develop, maintain and publish up-to-date security policies, standards, and guidelines, and oversee training and dissemination of security policies and practices
  • Provide periodic reporting on the current status of the information security program to enterprise risk teams, senior business and IS/IT leaders – in collaboration with the Office of the CIO - as part of a strategic enterprise risk management program
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings
  • Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings
  • Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required
  • Understand and interact with related disciplines to ensure the consistent application of policies and standards across all product groups; technology projects and systems, including, but not limited to, privacy, risk management, compliance, and business continuity management
  • Serve as a security expert in DevOps, application development, infrastructure design and deployment, database design, network and/or platform (operating system) efforts, helping product teams comply with enterprise and IS/IT security policies, industry regulations and best practices
  • Maintain and enhance the documentation standard for discoveries and reporting of malicious tactics, techniques, and procedures.
Required Profile
  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience
  • 5+ years of experience in a combination of risk management, information security and IS/IT jobs
  • Experience in complex enterprise environments and current technology areas like cloud and mobility
  • Hands-on experience with Azure and/or AWS and/or GCP related to administration, security, deployment, management and automation technologies
  • DevOps experience building and deploying infrastructure with cloud deployment, build and test automation technologies
  • Successful experience in implementing cyber security with Digital teams and products (eCommerce or Industry 4.0)
  • Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment
  • Experience in effective communication at different level in the organization and in English
  • Preference to have worked in a global environment and with virtual teams
  • Knowledge and understanding of relevant legal and regulatory requirements, General Data Protection Regulation (GDPR), Payment Card Industry/Data Security Standard (PCI) or relevant local or global laws, standards and regulations
  • Knowledge of common information security management frameworks, such as ISO 27001, IS/ITIL, COBIS/IT and NIST
  • Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment and meet overall objectives
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must be a critical thinker with strong problem-solving skills
  • High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

Apply now »