Security Expert

We are the Nestlé Nespresso SA Company and are proud to be one of the fastest growing operating unit of Nestlé. Our passionate, entrepreneurial-minded team has transformed Nespresso into the reference in portioned coffee and one of the world’s most trusted brands. Our growth comes from our commitment to research and development in order to pioneer and be the reference in the portioned coffee sector to provide the very highest quality coffees that could be enjoyed in the comfort of consumers' own homes and also savored at out-of-home locations, such as restaurants, hotels, offices and luxury retail businesses. We guarantee quality by taking a careful, thoughtful approach in how we source our ingredients, produce and market our premium coffee products. With corporate headquarters in Lausanne, Switzerland, Nespresso is present in over 60 countries and counts over 12,000 employees worldwide. To learn more visit www.nespresso.com.

We are looking for an IS/IT Security Expert to be part of our Nespresso Digital and Tech Team.

Position Snapshot

• Location: Nespresso Headquarters, Barcelona. Spain.
• Type of Contract: Permanent.
• Type of work: Hybrid
• Work Language: Fluent Business English

About the Role

As an IS/IT Security Expert, your main responsibility will be to ensure the adequate protection of our organization's information assets against cyber threats. You will play a crucial role in establishing and maintaining secure implementation and maintenance of our IT products, platforms, and solutions to mitigate risks to the organization. The expert will monitor and analyze security systems, logs, and reports to identify vulnerabilities and respond to security incidents and breaches. S/He will collaborate proactively with IT and business units to provide guidance and implement practices that align with defined information security policies and standards, while continuously enhancing cyber resilience in accordance with Nestlé and Nespresso standards. Additionally, the expert will stay updated on emerging security threats, technologies, and trends through continuous research.

Key Responsibilities

• Conduct systematic security assessments of IT assets including digital solutions (Web Sites, Mobile and Social Media Applications, Cloud Solutions and associated infrastructure, etc.) to identify security risks
• Validate security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.
• Collaborate with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures and secure practices are implemented across the products and product groups with a particular focus on DevSecOps. Ensure new products, platforms and solutions are implemented "Secure & Compliant by Design"
• Monitor and analyze security logs and alerts to identify and respond to security incidents in a timely manner        
• Liaise with the Security, Risk and Compliance Lead to identify best practices, maintain and improve standards, guidelines, processes, etc.
• Support product/product groups in identifying and applying internal and external (legal, regulatory and commercial) security and compliance requirements, with a particular focus on PCI-DSS and consumer data privacy     
• Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings
• Stay up-to-date with the latest security threats, trends, and technologies to proactively identify and mitigate potential risks.

Position Requirements

• Bachelor's degree in Computer Science, Information Technology, or a related field. A relevant master's degree is a plus.
• Minimum of 5 years of expertise in the field of Cybersecurity, with a strong understanding of information security principles and best practices.
• At least 3 years of experience working in the domain of DevSecOps, with a focus on integrating security practices into the software development lifecycle.
• Experience with Cloud Security Solutions, including knowledge of security controls and best practices for cloud environments (e.g., AWS, Azure, Google Cloud).
• Proficiency in incident and vulnerability handling, including experience in incident response, threat hunting, and vulnerability management.
• Fluent in English, with excellent written and verbal communication skills. Any additional languages are a plus.
• Strong analytical and problem-solving skills, with the ability to quickly identify and respond to security incidents and vulnerabilities.
• Familiarity with security frameworks and standards (e.g., ISO 27001, NIST, PCI DSS) and their implementation.
• Knowledge of network security, firewalls, intrusion detection/prevention systems, and other security technologies.
• Ability to work independently and collaboratively in a fast-paced environment, managing multiple priorities and deadlines.
• Strong attention to detail and a commitment to maintaining the highest level of security standards.

Nice-to-have:

• Relevant certifications such as CISSP, CISM, CEH, or other industry-recognized certifications.

Why You’ll Love Working With Us

We offer more than just a job. We put people first and inspire you to become the best version of yourself.

• Comprehensive Benefits: Enjoy a competitive salary and an extensive social benefits package. We offer one of the best pension plans in the market, along with flexible remuneration options that include health insurance, a restaurant card, a mobility plan, and more.
• Growth Opportunities: We believe that people are our most important asset. Benefit from personal and professional growth through ongoing training and numerous career opportunities.
• Flexible Work Environment: Experience a hybrid working model with two days in the office and three days from home. Our state-of-the-art, dog-friendly campus includes a medical center, canteen, and collaborative spaces for networking and relaxation.
• Wellness and Community: Participate in recreational activities such as yoga and zumba, and engage in a wide range of volunteering opportunities.

How to Apply

Interested? We’d love to hear from you! Please submit your CV in English through our job portal. As we have an international team and a hiring panel made up of people from across the world, submitting your CV in English will help us ensure a smooth and efficient review process.

Our Recruitment Process

1. Application Submission: Apply through our careers site.
2. Shortlisting: We review applications and contact relevant candidates.
3. Interviews: Engage in three stages of interviews.
4. Feedback: Receive feedback on your performance.
5. Job Offer: We extend a job offer to the selected finalist.
6. Onboarding: Welcome to your first day at Nespresso.

About Nespresso 

The Nespresso story began with a simple but revolutionary idea: enable anyone to create the perfect cup of espresso coffee.

Since 1986, Nespresso has redefined and revolutionized the way millions of people enjoy their coffee.

We are a Company committed with the Climate change and we aim to achieve carbon neutrality as soon as possible and net-zero GHG emissions by 2050 at the latest.

In 2019 we created the digital hub in Barcelona to offer the best customer experience and innovation to B2C and B2B channels.

We encourage the diversity of applicants across gender, age, ethnicity, nationality, sexual orientation, social background, religion or belief and disability.

People are at the heart of our success – all 14,000 of them. We actively cultivate diversity, inclusion and belonging in the workplace. We celebrate individuality, believing that your authenticity and uniqueness can help us to grow and thrive together

Step outside your comfort zone; share your ideas, way of thinking and working to make a difference to the world, every single day. You own a piece of the action – make it count.

Join Nestlé #beaforceforgood

People are at the heart of our success - all 14,000 of them for Nespresso globally. We actively cultivate diversity, inclusion and belonging in the workplace. We celebrate individuality, believing that your authenticity and uniqueness can help us to grow and thrive together