IS/IT Risk & Compliance Sr. Specialist

Esplugues Llobregat, B, ES, 08950

Nestlé

Nestlé is the world's largest food & beverage company. We unlock the power of food to enhance quality of life for everyone, today and for generations to come.


We are looking for a Security & Compliance Senior Specialist to be part of our IT Supply Chain & Procurement team. 
 

Position Snapshot 

  • Location: Esplugues de Llobregat 
  • Type of Contract: Permanent 
  • Team: Product Stream Operations - IT Supply Chain & Procurement
  • Type of work: Hybrid 
  • Work Language: Fluent Business English 
  • Grade: H1

The role  

The Security & Compliance Senior Specialist ensures IT products and applications are "Secure & Compliant by Design." They work with various teams to implement security measures, conduct risk assessments, enforce policies, support audits, and ensure compliance of cloud and non-cloud applications using tools like Archer. The role involves identifying security gaps, recommending improvements, and staying up to date on security trends to protect the organization’s IT landscape.

 

What you’ll do  

  • Ensure adherence to and compliance with ISIT security Standards and Policies across the Global and Regional IT Business Solutions in Supply Chain & Procurement (SC&PRO).
  • Work closely with the IT Product Owners to understand their solutions and act as a guardian of information security. Help assess and identify risk within the Information Security Management System (ISMS ISO 27001:2022) framework, and report on security risks and non-compliance issues. Collaborate with the product owner to build remediation plans and standard routines for control procedures, execute controls to mitigate identified risks relating to these global solutions, and drive harmonization of the ISMS controls and metrics within the IT SC&PRO ISMS using aligned standard routine documentation and governance processes.
  • Maintain effective and trusted relationships with IT Product Owners, other ISMS Leads, Security & Compliance teams, Legal & Procurement compliance, IT Solution Architects and other major stakeholders.
  • Support in-scope solutions with internal and international audits on security-related topics.
  • Give risk-based security control recommendations for new solutions developed or deployed by IT Product Teams.
  • Support IT Product Owners in the completion of the Cloud Security (re-)assessments for global and regional cloud solutions, with a particular focus on validating the requirements with respect to security control requirements.
  • Conduct Knowledge Transfer to assist product owners in understanding Security Standards and solutions.
  • Support the implementation of the IT Information Security Management System (ISMS), including preparing and supporting the execution of Independent Reviews and risk assessments.
  • Cultivate continuous improvement in Information Security.

  

We offer you

We offer more than just a job. We put people first and inspire you to become the best version of yourself. 

  • Great benefits including competitive salary and a comprehensive social benefits package. We have one of the most competitive pension plans on the market, as well as flexible remuneration with tax advantages: health insurance, restaurant card, mobility plan, etc. 
  • Personal and professional growth through ongoing training and constant career opportunities reflecting our conviction that people are our most important asset. 
  • Hybrid working environment with flexible working scheme. Our state-of-the-art campus is dog friendly and equipped with a medical center, canteen and areas to co-create, network and chill!

 

Minimum qualifications:

  • 5+ years of experience in a combination of:
    • 2+ years in ISIT security controls and auditing. Understanding & experience of Infrastructure, Application, Web, Cloud & User Security.
    • 2+ years of ISMS or Risk Management experience.
    • 1+ years of ISIT Project Management experience.
  • Minimum bachelor’s degree, preferably in Computer Science, Management Information Systems, Business Administration, Engineering or related discipline with a specialization in an IS/IT security and risk management subject
  • Experience with or certification in Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Information Security Management System (ISMS ISO 27001:2022), or equivalents.
  • Excellent written and verbal communication skills in English, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences (e.g. management, agencies, vendors).
  • Excellent analytical and problem-solving skills, with the ability to quickly identify and respond to security incidents. 

 

 Bonus Points If You:

  • Have knowledge of cloud security principles and experience with cloud-based web applications (e.g., AWS, Azure).
  • Have Project Management skills and experience.
  • Have knowledge of Power BI.

 

About the IT Hub  

At Nestlé IT, we are a diverse, global team of IT professionals in the biggest health, nutrition and wellness company in the world. We strive to create an environment where people are valued for who they are. We innovate every day through future-ready technologies to create opportunities for Nestlé to delight consumers, customers and employees alike. We collaborate with partners around the world to deliver tangible value at global scale. We continuously work to develop our people to be future-ready.

  

About Nestlé  

We are Nestlé, the largest food and beverage company in the world, with a presence in more than 185 countries. With net sales of CHF 94.4 billion in 2022, the company has over 291,000 employees and 418 factories in 85 countries. Our values are based on respect: respect for ourselves, respect for others, respect for diversity, and respect for our future. Nestlé is dedicated to offering high-quality food and beverage products and services that contribute to the nutrition, health, and well-being of people, pets, and the planet. Additionally, it is committed to being a leading company in sustainability and achieving net zero greenhouse gas emissions by 2050. Want to learn more? Visit us at: www.nestle.com 

 

We encourage the diversity of applicants across gender, age, ethnicity, nationality, sexual orientation, social background, religion or belief and disability. 

Step outside your comfort zone; share your ideas, way of thinking and working to make a difference to the world, every single day. You own a piece of the action – make it count.  

Join Nestlé’s IT Hub #beaforceforgood 

How we will proceed: 
 
You send us your CV → We contact relevant applicants → Interviews → Feedback → Job Offer communication to the Finalist → First working day

Category: Compliance Jobs

Tags: Audits AWS Azure Business Intelligence CISA CISM CISSP Cloud Compliance Computer Science Governance ISMS ISO 27001 Risk assessment Risk management

Perks/benefits: Career development Competitive pay Flex hours Health care Insurance Salary bonus Startup environment

Region: Europe
Country: Spain
