About it in nestlé
we are a team of it professionals from many countries and diverse backgrounds, each with unique missions and challenges in the biggest health, nutrition and wellness company in the world. We innovate every day through forward-looking technologies to create opportunities for nestlé’s digital challenges with our consumers, customers, and at the workplace. We collaborate with our business partners around the world to deliver standardized, integrated technology products and services to create tangible business value.
position overview
under the supervision and guidance of her/his primary line manager and product manager based in spain, the specialist it compliance role is to assess, oversee, and drive all compliance issues within his/her area (product, product group, stream) including but not limited to information security, data protection, privacy, 3rd party/vendor, and procurement. The role includes evaluating the unit's compliance with internal and external policies, standards, and regulations, assessing the risks associated with each product, and supporting the product teams in documenting and implementing corrective actions to ensure appropriate checks and reviews are in place to deliver a risk-based continuous improvement management system for compliance. To enable this, s/he is responsible for providing the tools, processes, and frameworks to support it compliance in nestlé and for conducting it cloud controls testing.
key responsibilities:
1. responsible for driving risk, compliance & security as a management system within the product/product group team: ensures the proper implementation, management, and follow-up of risk, compliance & security within product/product groups.
2. ensures risk identification and controls mapping for all solutions and processes in product/product groups using the nestlé risk, compliance & security framework.
3. supports product/product groups in identifying and applying internal and external (legal, regulatory, and commercial) compliance requirements.
4. coordinates audit-related tasks such as ensuring the readiness of is/it product managers, partner delivery managers, and their organizations for audits testing and facilitating the timely resolution of any audit findings.
5. ensures risk, compliance & security gaps within the product/product groups are documented in corrective & preventative actions and tracked through the management system.
6. facilitates the creation and modification of all technology compliance policies and frameworks owned by their product/product groups.
7. supports the product/product group teams on implementing by design the required is/it compliance in their solutions to meet the desired level of compliance maturity in the nestlé framework.
8. responsible for tracking the product/product groups compliance through relevant metrics and driving continuous improvement through the management system.
tools, processes and frameworks:
1. responsible for implementing and sustaining the tools and process for the nestlé cloud compliance framework.
2. implements tools and process to support an integrated risk, compliance & security framework.
3. maintains the management system through continuous review and evaluation of external frameworks and standards (e.g., iso27001, cobit, nist, itil etc.).
4. maintains and develops the cyber risk framework to address the evolving risk environment.
5. develops and sustains the controls library by translating nestlé, regulatory & industry standards into actionable control points.
6. collaborates with audit, it & nbe support functions to ensure one source of truth through integration of reporting corrective & preventative actions and audit findings.
7. implements and sustains processes with legal, quality and corporate compliance to ensure it teams are able to identify and apply internal and external (legal, regulatory and commercial) compliance requirements.
8. responsible for defining and maintaining an integrated risk, compliance & security index.
regulatory & audit outputs:
1. supports the execution of it audit activities and requests.
2. works with it teams and internal and external auditors, tracking and following up all it audits, internal review or regulatory findings as corrective & preventative actions through the management systems.
3. validates root causes have been addressed prior to closure of corrective & preventative actions.
4. supports it teams in ensuring the required levels of documentation and evidence to support audit and regulatory requirements.
5. drives root cause analysis across audits and reviews to identify and document required improvements in tools, processes, and documentation in the cloud framework.
6. supports it teams in the execution and follow-up of partner compliance audits regarding the cloud framework.
required profile:
• at least 5 years of experience in a combination of risk management, compliance, information security and it audit jobs.
• undergraduate degree in the field of computer science, management information systems, it security or similar.
• industry-related compliance, risk or security management certification is preferred.
• demonstrated ability to apply it-related knowledge and experience in solving compliance issues.
• experience developing and submitting it audit and compliance reports.
• experience with effective communication at different levels in the organization and in english.
• experience having worked in a global and multi-cultural environment with virtual teams is preferred.
#j-18808-ljbffr