Nestlé
Nestlé is the world's largest food & beverage company.
We unlock the power of food to enhance quality of life for everyone, today and for generations to come.
We are looking for a Security & Compliance Senior Specialist to be part of our IT Supply Chain & Procurement team.
Position Snapshot
Type of Contract: Permanent
Team: Product Stream Operations - IT Supply Chain & Procurement
Type of work: Hybrid
Work Language: Fluent Business English
Grade: H1

The role
The Security & Compliance Senior Specialist ensures IT products and applications are "Secure & Compliant by Design." They work with various teams to implement security measures, conduct risk assessments, enforce policies, support audits, and ensure compliance of cloud & non-cloud applications using tools like Archer.
The role involves identifying security gaps, recommending improvements, and staying updated on security trends to protect the organization's IT landscape.

What you'll do
Ensure adherence to and compliance with ISIT security Standards and Policies across the Global and Regional IT Business Solutions in Supply Chain & Procurement (SC&PRO).
Work closely with the IT Product Owners to understand their solutions and be a guardian on information security.
Help assess and identify risk within the Information Security Management System (ISMS ISO 27001:2022) framework, and report on security risks and non-compliance issues.
Collaborate with the product owner to build remediation plans and standard routines for control procedures, and execute controls to mitigate identified risks relating to these global solutions. Drive harmonization of the ISMS controls and metrics within the IT SC&PRO ISMS using aligned standard routine documentation and governance processes.
Maintain effective and trusted relationships with IT Product Owners, other ISMS Leads, Security & Compliance teams, Legal & Procurement compliance, IT Solution Architects and other major stakeholders.
Support in-scope solutions with internal and international audits on security-related topics.
Give risk-based security control recommendations for new solutions developed or deployed by IT Product Teams.
Support IT Product Owners in the completion of the Cloud Security (re-)assessments for global and regional cloud solutions, with a particular focus on validating the security control requirements.
Conduct Knowledge Transfer to assist product owners in the understanding of Security Standards and solutions.
Support the implementation of the IT Information Security Management System (ISMS), including preparing and supporting the execution of Independent Reviews and risk assessments.
Cultivate continuous improvement in Information Security.

We offer you
Great benefits including competitive salary and a comprehensive social benefits package