IS/IT Risk & Compliance Sr. Specialist
Esplugues Llobregat, B, ES, 08950
Nestlé
Nestlé is the world's largest food & beverage company. We unlock the power of food to enhance quality of life for everyone, today and for generations to come. We are looking for a Security & Compliance Senior Specialist to be part of our IT Supply Chain & Procurement team.
Position Snapshot
- Location: Esplugues de Llobregat
- Type of Contract: Permanent
- Team: Product Stream Operations - IT Supply Chain & Procurement
- Type of work: Hybrid
- Work Language: Fluent Business English
- Grade: H1
The role
The Security & Compliance Senior Specialist ensures IT products and applications are "Secure & Compliant by Design." They work with various teams to implement security measures, conduct risk assessments, enforce policies, support audits, and ensure compliance of cloud and non-cloud applications using tools like Archer. The role involves identifying security gaps, recommending improvements, and staying updated on security trends to protect the organization’s IT landscape.
What you’ll do
• Ensure the adherence and compliance to ISIT security Standards and Policies across the Global and Regional IT Business Solutions in Supply Chain & Procurement (SC&PRO).
• Work closely with the IT Product Owners to understand their solutions and be a guardian of information security. Help assess and identify risks within the Information Security Management System (ISMS ISO 27001:2022) framework, and report on security risks and non-compliance issues. Collaborate with the product owner to build remediation plans and standard routines for control procedures, execute controls to mitigate identified risks relating to these global solutions, and drive harmonization of the ISMS controls and metrics within the IT SC&PRO ISMS using aligned standard routine documentation and governance processes.
• Maintain effective and trusted relationships with IT Product Owners, other ISMS Leads, Security & Compliance teams, Legal & Procurement compliance, IT Solution Architects and other major stakeholders.
• Support in scope solutions with internal and international audits on security related topics.
• Give risk-based security control recommendations for new solutions developed or deployed by IT Product Teams.
• Support IT Product Owners in the completion of the Cloud Security (re-) assessments for global and regional cloud solutions, with a particular focus on validating the requirements with respect to security control requirements.
• Conduct Knowledge Transfer to assist product owners in the understanding of Security Standards and solutions.
• Support the implementation of the IT Information Security Management System (ISMS), including preparing and supporting the execution of Independent Reviews and risk assessments.
• Cultivate continuous improvement in Information Security.
We offer you
We offer more than just a job. We put people first and inspire you to become the best version of yourself.
- Great benefits including competitive salary and a comprehensive social benefits package. We have one of the most competitive pension plans on the market, as well as flexible remuneration with tax advantages: health insurance, restaurant card, mobility plan, etc.
- Personal and professional growth through ongoing training and constant career opportunities reflecting our conviction that people are our most important asset.
- Hybrid working environment with flexible working scheme. Our state-of-the-art campus is dog friendly and equipped with a medical center, canteen and areas to co-create, network and chill!
Minimum qualifications:
- 5+ years of experience in a combination of:
- 2+ years in ISIT security controls and auditing. Understanding & experience of Infrastructure, Application, Web, Cloud & User Security.
- 2+ years in ISMS or Risk Management Experience.
- 1+ years in ISIT Project Management experience.
- Minimum bachelor’s degree, preferably in Computer Science, Management Information Systems, Business Administration, Engineering or related discipline with a specialization in an IS/IT security and risk management subject.
- Experience in, or certification as, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Information Security Management System (ISMS ISO 27001:2022) certification or equivalents.
- Excellent written and verbal communication skills in English, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences (e.g. management, agencies, vendors).
- Excellent analytical and problem-solving skills, with the ability to quickly identify and respond to security incidents.
Bonus Points If You:
- Have knowledge of cloud security principles and experience with cloud-based web applications (e.g., AWS, Azure).
- Have Project Management skills & experience.
- Have knowledge of Power BI.
About the IT Hub
At Nestlé IT, we are a diverse, global team of IT professionals in the biggest health, nutrition and wellness company of the world. We strive to create an environment where people are valued for who they are. We innovate every day through future ready technologies to create opportunities for Nestlé to delight consumers, customers and employees alike. We collaborate with partners around the world to deliver tangible value at global scale. We continuously work to develop our people to be future ready.
About Nestlé
We are Nestlé, the largest food and beverage company in the world, with a presence in more than 185 countries. With net sales of CHF 94.4 billion in 2022, the company has over 291,000 employees and 418 factories in 85 countries. Our values are based on respect: respect for ourselves, respect for others, respect for diversity, and respect for our future. Nestlé is dedicated to offering high-quality food and beverage products and services that contribute to the nutrition, health, and well-being of people, pets, and the planet. Additionally, it is committed to being a leading company in sustainability and achieving net zero greenhouse gas emissions by 2050. Want to learn more? Visit us at: www.nestle.com
We encourage the diversity of applicants across gender, age, ethnicity, nationality, sexual orientation, social background, religion or belief and disability.
Step outside your comfort zone; share your ideas, way of thinking and working to make a difference to the world, every single day. You own a piece of the action – make it count.
Join Nestlé’s IT Hub #beaforceforgood
How we will proceed:
You send us your CV → We contact relevant applicants → Interviews → Feedback → Job Offer communication to the Finalist → First working day