ISIT Risk and Compliance Specialist
Position Snapshot
Business areas: Nespresso Canada
Job title: Risk and Compliance Specialist
Location: Montreal, QC (Hybrid)
Job Grade: 16
Benefits
• Comprehensive total rewards benefits package including Health and Dental benefits that start on day one of employment
• Company matched pension plan
• Four weeks of Vacation and six personal days (Personal Paid Holidays)
• Flexible and hybrid work arrangements
• Excellent training and development programs as well as opportunities to grow within the company
• Access to Educational Assistance & Tuition Reimbursement
• Bonus eligibility
• Free Headspace Account – guidance to create habits to support your mental health
• Free Nespresso Coffee Machines and $100 monthly coffee credit
• Up to 50% off – Nespresso Coffee Machine, Capsules and accessories
• Access to the Discount Company store with Nestlé, Nespresso, and Purina products (located across various Nestlé offices/sites)
• Additional discounts on a variety of products and services offered by our preferred vendors and partnerships
Position Summary
We are looking for a Risk and Compliance Specialist for Nespresso based at our Montreal office reporting into the IS/IT Manager. This person is responsible for implementing (or coordinating implementation), coaching and supporting integrated risk, compliance and security management systems in accordance with the business risk appetite. The management systems enable the IS/IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement. The Risk and Compliance Specialist's responsibilities include ensuring the teams can drive all their risk, compliance and security requirements through the management system, ensuring compliant and secure products & platforms meeting the business risk appetite. To enable this, you will be responsible for providing the tools, processes and frameworks to support IS/IT Compliance in Nestlé/Nespresso and for conducting IS/IT controls testing.
A day in the life of a Risk and Compliance Specialist:
Responsible for implementing, coaching and reporting on Risk, Compliance & Security through the Nestlé Compliance and Information Security management system within IS/IT:
• Supports risk identification and controls mapping for all solutions and processes in IS/IT teams using the Nestlé Security, Risk & Compliance framework and management system
• Responsible for conducting controls testing, management system reviews and reporting to assess the IS/IT compliance and management system
• Supports IS/IT team in identifying and applying Internal and External (legal, regulatory, and commercial) compliance requirements
• Coaches and supports teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system
• Defines, maintains and updates an integrated risk, compliance & security reporting index so that it reflects the current risk and control environment
• Advises on and promotes the importance of IS/IT-related Risk, Compliance and Security outside the IS/IT community
Responsible for implementing and sustaining the tools and process for the Nestlé Compliance & Information Security Management System:
• Implements tools and process to support an integrated Risk, Compliance & Security Framework (including regulatory requirements such as PCI and GDPR)
• Collaborates with Internal Control and IS/IT teams to ensure one source of truth through integration of reporting corrective & preventative actions and audit findings
Supports the execution of IS/IT audit activities and requests:
• Works with IS/IT teams and internal and external Auditors, tracking and following up all IS/IT audits, internal review or regulatory findings as corrective & preventative actions through the management systems
• Monitors and reports on progress and status of corrective & preventative actions in the management system to address compliance gaps
• Supports IS/IT teams in ensuring the required levels of documentation and evidence to support audit and regulatory requirements
• Drives root cause analysis across audits and reviews to identify and document required improvements in tools, processes and documentation
Acts as partner to all IS/IT units for IS/IT compliance questions and advice:
• Drives the development & roll out of the Risk, Compliance & Security competency framework for IS/IT team including the roll out and tracking of the awareness and behaviour training
• Performs risk assessment according to agreed Risk & Compliance framework in collaboration with IS/IT teams
• Trains IS/IT teams on standards, policies, frameworks and regulatory requirements
What will make you successful?
• 2-5 years of experience in a combination of risk management, compliance, information security and IS/IT jobs
• Bilingualism (English/French) is mandatory
• Bachelor's degree in the field of computer science, IS/IT Security or business administration
• Industry-related compliance, risk or security management certification is preferred (CRISC, CISM, CISSP)
• Demonstrated ability to apply IS/IT-related knowledge and experience in solving compliance issues
• Experience with ISMS (ISO 27001) certification
• Experience with the ARCHER tool
• Experience developing and submitting IS/IT audit and compliance reports
• Experience with effective communication at different levels in the organization in English and French
• Experience creating presentations, coupled with familiarity in utilizing essential Office tools including Word, Excel, PowerPoint, Outlook, Teams, SharePoint, and preferably ServiceNow
• Experience having worked in a global environment and with virtual teams
What you need to know
We will be considering applicants as they apply, so please don’t delay in submitting your application.
Nestlé Canada is an equal-opportunity employer committed to diversity, equity, inclusion, and accessibility. We welcome qualified applicants to bring their diverse and unique experiences as a result of their education, perspectives, culture, ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veteran’s status, colour, religion, disability, sexual orientation and beliefs.
If you are selected to participate in the recruitment process, please inform Human Resources of any accommodations you may require. Nestlé will work with you in an effort to ensure that you are able to fully participate in the process.
Montreal, CA