At Nespresso we place people and specialty coffee at the heart of what we do. As part of our team, you'll be empowered to inspire, care, act, and innovate to reach your full potential and reimagine what coffee can be. We're committed to delivering an exceptional coffee experience that elevates our community, suppliers, farmers, and each other, channeling our growth-minded spirit to set new standards in global coffee culture. Quality, sustainability, diversity and inclusion are core to who we are and critical to our vision of driving positive change. Throughout our factories, boutiques, and office locations, Nespresso careers are brimming with first-rate opportunities to push the boundaries of coffee exploration.

Position Overview:
The security and compliance Specialist will support the Functional relationship manager to monitor, identify and mitigate potential security risks in the organization and ensure compliance with the Nespresso and Nestle Information Security policies and regulatory standards. The security and compliance Specialist will also assist in addressing audit requests, and requirements for the data privacy regulations. This role involves active knowledge of industry trends and best practices, transparent communications, facilitation of issue resolution, triggering escalation processes when required, and an understanding of the IT risk assessments and governance. This is a Hybrid Work Environment opportunity with expectations of being in the office 2-3 days per week. 

Responsibilities: 

Security & Risk Management

• Supports the management of the Nespresso Information Security Management System (ISMS) performance
• Reports security incidents and non-compliant issues to Functional relationship manager and IT leadership
• Builds awareness for employees around cyber security, ethics and compliance
• Identifies potential security risks in the organization and assists in risk mitigation
• Supports new security initiatives/ projects within the organization

Application Business and Privacy Impact Assessments

• Assists business functions with the undertaking of business and privacy impact assessments for all new systems, digital assets or projects involving the processing of Nespresso data 
• Supports the business in managing the mitigation of identified risks and ensure remediation activities are prioritized in accordance with the impact analysis
• Supports periodic risk-assessments of the applications

Data Privacy 

• Assists with monitoring, tracking and addressing customer data privacy requests for data deletions, access and corrections 
• Supports data discovery and data mapping exercises

Compliance

• Assists in enforcing adherence to global Nestle standards/guidelines and to global and local regulatory compliance requirements
• Identifies IT compliance control gaps and oversees remediation process
• Ensures all Compliance and Information Security related matters are properly represented and acted upon by responsible parties
• Maintains requirements for market's PCI compliance. Supports Attestation of Compliance (AOC) process to ensure compliance with PCI DSS standards
• Assists in documenting and maintaining Standard Operating Procedures (SOPs) for compliance processes
• Supports global and local IT compliance audits, assessments and reviews. Ensures that market follows on the findings to comply with Nestle compliance standards

Requirements: 

• Bachelor’s degree in computer science or field related to IT Security and Compliance is required
• Demonstrated experience in a product based IT organization 
• 2-4 years experience in IT Security and Compliance
• Proven track record of taking ownership and successfully delivering results in a fast-paced, dynamic environment
• Experience with effective communication at different levels in the organization
• Experience working in a global environment and with virtual teams
• Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA) or Certified Information Systems Manager (CISM) certification preferred 
• Working knowledge and strong understanding of security best practices for the IT technologies including: Windows Active Directory, network routing and switching, firewalls, cloud computing and cloud-based services and MDM

The approximate pay range for this position is $99,000 to $120,000. Please note that the pay range provided is a good faith estimate for the position at the time of posting. Final compensation may vary based on factors including but not limited to knowledge, skills and abilities as well as geographic location.

Nestlé offers performance-based incentives and a competitive total rewards package, which includes a 401k with company match, healthcare coverage and a broad range of other benefits.  Incentives and/or benefit packages may vary depending on the position. Learn more at About Us | Making an Impact | Nestle Careers (nestlejobs.com)

Job ID: 223413 

#LI-Hybrid

It is our business imperative to remain a very inclusive workplace.

To our veterans and separated service members, you're at the forefront of our minds as we recruit top talent to join Nestlé. The skills you've gained while serving our country, such as flexibility, agility, and leadership, are much like the skills that will make you successful in this role.  In addition, with our commitment to an inclusive work environment, we recognize the exceptional engagement and innovation displayed by individuals with disabilities.  Nestlé seeks such skilled and qualified individuals to share our mission where you’ll join a cohort of others who have chosen to call Nestlé home.

Nestlé Nespresso USA is an equal opportunity employer and is looking for diversity in qualified candidates for employment. Prior to the next step in the recruiting process, we welcome you to inform us confidentially if you may require any special accommodations in order to participate fully in our recruitment experience. Contact us at accommodations@nestle.com or please dial 711 and provide this number to the operator: 1-800-321-6467.

This position is not eligible for Visa Sponsorship.