Position summary
under the supervision and guidance of her/his primary community of practice lead and product group manager based in switzerland, the risk and compliance specialist is responsible for implementing, coaching and supporting an integrated risk, compliance and security management systems in accordance to the business risk appetite. The management systems enable the it teams globally to identify, document, measure and address its compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement.
The risk and compliance specialist's responsibilities include ensuring the teams are able to drive all their risk, compliance and security requirements through the management system, ensuring compliant and secure products & platforms meeting the business risk appetite. To enable this, s/he is responsible for providing the tools, processes and frameworks to support it compliance in nestle and for conducting it controls testing
a day in the life of...
General outputs
responsible for implementing, coaching and reporting on risk, compliance & security through the nestlé compliance and information security management system within it:
- supports risk identification and controls mapping for all solutions and processes in product/product groups and other it teams using the nestlé security, risk & compliance framework and management system
- responsible for conducting controls testing, management system reviews and reporting to assess the it compliance and management system
- coaches and supports teams in managing risk, compliance & security gaps through documented corrective & preventative actions, tracked through the management system
- provides guidance and support to it teams in implementing by design the required it compliance in their solutions to meet the desired level of compliance maturity and risk appetite in the nestlé framework
- responsible for tracking the compliance through relevant metrics
- advise on and promote importance of it related risk, compliance and security outside the it community
what will make you successful
- 5+ years of experience in a combination of risk management, compliance, information security and it jobs
- undergraduate degree in the field of computer science, law, it security, quality management or business administration; graduate degree in one these fields preferred
- industry-related compliance, risk or security management certification is preferred
- experience developing and submitting it audit and compliance reports
- experience with effective communication at different levels in the organization and in english
- experience having worked in a global environment and with virtual teams