IT Risk & Compliance Specialist

About IT in Nestlé
We are a team of IT professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company of the world. We innovate every day through forward-looking technologies to create opportunities for Nestlé’s digital challenges with our consumers, customers and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value.  

Optimizing the ways of working through automation and innovation. Under the supervision and guidance of her/his primary Line Manager and Product Manager based in Spain, the Specialist IT Compliance role is to assess, oversee and drive all compliance issues within his/her area (product, product group, stream) including but not limited to information security, data protection, privacy, 3rd party/vendor and procurement. The role includes evaluating the unit's compliance with internal and extrenal policies, standards and regulations, assessing the risks associated with each product and supporting the product teams in documenting and implementing corrective and ensuring the appropriate actions, checks and reviews are in place to deliver a risk based continuous improvement management system for compliance.  To enable this, s/he is responsible for providing the tools, processes and frameworks to support IT Compliance in Nestlé and for conducting IT Cloud controls testing.

Position Snapshot
Location: Nestlé México
Stream: IT Security & Compliance
Type of Contract: Permanent

Key Responsibilities:

General Outputs
Responsible for driving Risk, Compliance & Security as a management system within the product/product group team:
• Ensures the proper implementation, management and follows up of Risk, Compliance & Security within product/product groups
• Ensures risk identification and controls mapping for all solutions and processes in product/product groups using the Nestlé Risk, Compliance & Security framework
• Supports product/product groups in identifying and applying internal and external (legal, regulatory and commercial) compliance requirements
• Coordinates audit-related tasks such as ensuring the readiness of IS/IT Product Managers, Partner Delivery Managers and their organizations for audits testing and facilitating the timely resolution of any audit findings
• Ensures Risk, Compliance & Security gaps within the product/product groups are documented in corrective & preventative actions and tracked through the management system
• Facilitates the creation and modification of all technology compliance policies and frameworks owned by their product/product groups
• Supports the product/product group teams on implementing by design the required IS/IT compliance in their solutions to meet the desired level of compliance maturity in the Nestlé Framework
• Responsible for tracking the product/product groups compliance through relevant metrics and driving continuos improvement through the management system

Tools, Processes and Frameworks
Responsible for implementing and sustaining the tools and process for the Nestlé Cloud Compliance Framework:
• Implements tools and process to support an integrated Risk, Compliance & Security Framework 
• Maintains the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.)
• Maintains and develops the Cyber Risk Framework to address the evolving risk environment
• Develops and sustains the Controls Library by translating Nestlé, Regulatory & Industry standards into actionable control points
• Collaborate with Audit, IT & NBE support functions to ensure one source of truth through integration of reporting corrective & preventative actions and audit findings 
• Implement and sustain processes with Legal, Quality and Corporate Compliance to ensure IT teams are able to identifying and applying internal and external (legal, regulatory and commercial) compliance requirements
• Processes and procedures for lifecycle management of all technology compliance policies, standards and frameworks in Nestlé, including exceptions management
• Responsible for defining maintaining an integrated risk, compliance & security index

Regulatory & Audit Outputs
• Supports the execution of IT audit activities and requests
• Works with IT teams and internal and external Auditors, tracking and following up all IT audits, internal review or regulatory findings as corrective & preventative actions through the management systems
• Validates root causes have been addressed prior to closure of corrective & preventative actions 
• Supports IT teams in ensuring the required levels of documentation and evidence to support audit and regulatory requirements
• Drives root cause analysis across audits and reviews to identify and document required improvements in tools, processes and documentation in the cloud framework
• Supports IT teams in the execution and follow-up of Partner Compliance Audits regarding the cloud framework

Required Profile:
• At least 5 years of experience in a combination of risk management, compliance, information security and IT audit jobs.
• Undergraduate degree in the field of computer science, Management Information Systems, IT Security or similars.
• Industry-related compliance, risk or security management certification is preferred.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
• Experience developing and submitting IT audit and compliance reports.
• Experience with effective communication at different levels in the organization and in English.
• Experience having worked in a global and multi-cultural environments with and virtual teams is preferred.