IT Security and Compliance Manager (Remote)
At Nespresso, we place people and specialty coffee at the heart of what we do. As part of our team, you'll be empowered to inspire, care, act, and innovate to reach your full potential and reimagine what coffee can be. As a certified B Corporation, we're committed to driving our triple bottom line – People, Profit, and Planet – by delivering an exceptional coffee experience that elevates our community, suppliers, farmers, and each other, channeling our growth-minded spirit to set new standards in global coffee culture. Quality, sustainability, diversity, and inclusion are core to who we are and critical to our vision of driving positive change. Throughout our factories, boutiques, and office locations, Nespresso careers are brimming with best-in-class opportunities for your development and growth. Join us!
Position Summary:
We are currently seeking a highly skilled and motivated IT Security and Compliance Manager to join our team. In this role, you will play a crucial part in streamlining collaboration between our Business and IT departments, working closely with the IT Director and IT streams.
As the IT Security and Compliance Manager, you will serve as the principal contact between multiple Business Stakeholders and IT stakeholders throughout the entire lifecycle of our products and services. Your primary responsibility will be to ensure Nespresso USA's compliance with Nestle Information Security policies and regulatory standards. Additionally, you will be accountable for market-specific security and compliance metrics, projects, and initiatives.
To excel in this role, you will need to actively stay updated on industry trends, possess excellent communication skills, and have a knack for facilitating issue resolution. You will also be expected to trigger escalation processes when necessary and have a deep understanding of the IT organization, stakeholders, and governance.
As the representative of the Business for IT and IT for the Business, you will collaborate with various internal and external partners to influence the product roadmap. If you are a proactive and results-driven professional with a passion for security and compliance, we invite you to join our team and make a significant impact on our organization's success.
Key Responsibilities:
Relationship Management:
- Deep understanding of functional business objectives, processes, governance, and challenges. Strong relationships with key business stakeholders.
- Maintains the same level of relationship within IT. Proactively shares business requirements/insights with IT, secures the required IT resources, and brings the right people together to ensure value creation for both the business and IT.
- Leads regular interactions between both organizations to inform and maintain a continuing good relationship and a shared vision.
Value Delivery:
- Regularly attends meetings with receivers and becomes part of their extended functional team.
- Establishes the link between specific business objectives, activities, initiatives, projects, or programs and IT to identify, forecast, and deliver integrated value across multiple products.
- Ensures value delivery and sustainability, assisting the business in finding durable solutions for pain points in adopting the products.
- Escalates items that are not receiving appropriate attention, including approvals and issue resolutions.
- Works with business units to understand operational processes and ensure their conformity to IT compliance standards.
Security, Compliance & Risk Management:
- Accountable for ensuring the delivery and maintenance of secure and compliant applications within their product, adhering to internal standards and external regulations, including privacy requirements and business continuity plans.
- Promotes and enforces adherence to global Nestle standards/guidelines and global and local regulatory compliance requirements.
- Identifies IT compliance control gaps and oversees the remediation process.
- Holds overall accountability for the performance of the Nespresso Information Security Management System (ISMS).
- Reports security incidents and non-compliant issues to the IT Director, functional teams, and market leadership.
- Ensures that all compliance and information security matters are properly represented and acted upon by responsible parties.
- Responsible for overseeing the market's PCI compliance, managing the Attestation of Compliance (AOC) process to ensure compliance with PCI DSS standards.
- Supports and enables Nestle data privacy and protection standards in alignment with legal requirements.
- Serves as a key member of a team that drives data privacy behavior, shapes the culture of ethics and integrity, designs and implements compliance programs, enforces compliance initiatives, and builds awareness for employees around ethics and compliance.
- Manages the day-to-day operations of the data privacy program and serves as a data protection champion for the market.
- Works with the company's legal counsel to maintain standards and controls to comply with state, national, and international data privacy regulations and laws.
Leadership:
- Creates the context by aligning and adopting local and global security and compliance strategies, leading by example, promoting an open culture and our values in a sustainable way, and fostering innovation and an entrepreneurial mindset.
- Provides leadership, coaching, and training in the areas of compliance and information security to Nespresso USA end users and the Nespresso USA IT team.
- Drives cross-functional performance by empowering and enabling people, giving and receiving feedback, evaluating and differentiating performance, and constantly challenging the organizational setup to ensure results and effectiveness.
- Recognizes achievements by giving and receiving recognition and rewarding performance.
Experience and Education Requirements:
- Bachelor’s degree or higher required. Preferred field of study: Computer Science or any field related to IT Security and/or IT Compliance.
- Demonstrated experience in a product-based IT organization
- 5+ years of experience in IT required
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), or Certified Information Systems Manager (CISM) certification preferred
- Working knowledge and strong understanding of security best practices for IT technologies, including Windows Active Directory, network routing and switching, firewalls, cloud computing, cloud-based services, and Mobile Device Management (MDM)
- Working knowledge of APIs & integration, consumer research, and UI/UX
- Strong understanding of basic system engineering, information risk and security guidelines, and architecture standards
- Deep understanding of the IT landscape in the functional area
- Proven track record of taking ownership and successfully delivering results in a fast-paced, dynamic environment
- Understanding of various software development methodologies (e.g., agile, waterfall)
- Understanding of modeling techniques
- Experience with effective communication at different levels within an organization
- Experience working in a global environment and with virtual teams
- Excellent understanding of business complexity and interdependencies
- Understanding of how the technologies are applied in the scope by best-in-class companies
- Above-average organization and prioritization skills, with the ability to juggle multiple responsibilities at the same time
The approximate pay range for this position is $135,000.00 to $155,000.00. Please note that the pay range provided is a good faith estimate for the position at the time of posting. Final compensation may vary based on factors including but not limited to knowledge, skills and abilities as well as geographic location.
Nestlé offers performance-based incentives and a competitive total rewards package, which includes a 401k with company match, healthcare coverage and a broad range of other benefits. Incentives and/or benefit packages may vary depending on the position. Learn more at About Us | Nestlé Careers (nestlejobs.com)
Requisition ID: 319882
It is our business imperative to remain a very inclusive workplace.
To our veterans and separated service members, you're at the forefront of our minds as we recruit top talent to join Nestlé. The skills you've gained while serving our country, such as flexibility, agility, and leadership, are much like the skills that will make you successful in this role. In addition, with our commitment to an inclusive work environment, we recognize the exceptional engagement and innovation displayed by individuals with disabilities. Nestlé seeks such skilled and qualified individuals to share our mission where you’ll join a cohort of others who have chosen to call Nestlé home.
Nestlé Nespresso USA is an equal opportunity employer and is looking for diversity in qualified candidates for employment. If you require an accommodation in order to view or apply to an open position, please dial 711 and provide this number to the operator: 1-800-321-6467.
This position is not eligible for Visa Sponsorship.
Review our applicant privacy notice before applying at https://www.nestlejobs.com/privacy
New York, NY, US, 10001
Nearest Major Market: Manhattan
Nearest Secondary Market: New York City