Key skills
Cyber SecurityLeadershipRisk ManagementCommunication
About this role
Role Overview
- Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR)
- Regularly review and update procedures, and controls to ensure ongoing compliance with Nestlé Global Standards, and local regulatory requirements
- Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies
- Collaborate with cross-functional teams, distribution centre, production locations to ensure security policies are integrated into all business processes
- Collaborate with business stakeholders to identify required security controls and ensuring risk assessments are conducted and controls have been implemented prior to transitioning technology platforms to the unit’s environment
- Oversee vendor and third-party risk management, including due diligence, ongoing assessments, and contract security requirements
- Ensure business continuity and disaster recovery frameworks are documented, tested, and improved for DC and Production locations
- Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management
- Guide the distribution centre and production locations for, support, and manage internal and external audits, including ISO/IEC 27001 certification and surveillance audits
- Develop and maintain documentation required for compliance audits and certifications
- Coordinate with internal and external auditors and facilitate the audit process, addressing any findings or non-conformities
- Maintain compliance KPIs and KRIs based on company risk appetite and Global requirements
- Support the delivery of training programs to educate employees on information security policies, procedures, and best practices
- Promote a culture of security awareness within the distribution centre and production locations
- Support regular security awareness campaigns and workshops
- Provide regular reporting to senior leadership on risk posture, compliance status, and key metrics
- Develop and maintain the location risk register
- Collaborate with Global, Regional and Local teams on incident response governance and post-incident reviews
- Manage security incident response locally, including investigation, containment, and remediation
Requirements
- Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent experience)
- Minimum of 5+ years of experience in information technology or combination of risk management, compliance, information security and IT jobs
- Hands on experience and knowledge of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations
- Experience with risk assessment and management, process and control implementation
- Experience leading internal and external audits
- Strong communication and interpersonal skills, to deliver effective understanding of requirements, fostering consensus, and cultivating relationships with stakeholders across the organization
Tech Stack
- Cyber Security
Benefits
- Comprehensive total rewards benefits package including Health and Dental benefits that start on day one of employment
- Company matched pension plan
- Three weeks of Vacation and five personal days (Personal Paid Holidays)
- Flexible and hybrid work arrangements
- Excellent training and development programs as well as opportunities to grow within the company
- Access to Educational Assistance & Tuition Reimbursement
- Bonus eligibility
- Access to the Discount Company store with Nestlé, Nespresso, and Purina products (Located across various Nestle offices/sites)
- Additional discounts on a variety of products and services offered by our preferred vendors and partnerships