Job Title: Executive – Human Resources
Salary Package: Up to 5 LPA
Company Name: Nestle Group
Job Location: Bangalore, IN
Qualification: Graduate
Job Info:
Position Snapshot
• Organization: Nestlé Global Services India, a Division of Nestlé R&D, India
• Hosted at: Bengaluru, India
• Global Grade: G
• Fluent English
Position Summary
Under the supervision and guidance of her/his primary IS/IT Risk & Compliance Manager, the IT Risk and Compliance Specialist is responsible for implementing, coaching and supporting integrated risk, compliance and security management systems in accordance with the business risk appetite. The management systems enable the IS/IT teams globally to identify, document, measure and address their compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement.
The Risk and Compliance Specialist’s responsibilities include:
– ensuring the teams are able to drive all their risk, compliance and security requirements through the management system, ensuring compliant and secure products & platforms meeting the business risk appetite.
– ensuring checks and reviews are in place to deliver a risk based management system for security and compliance.
– supporting the product teams in documenting and implementing appropriate controls and corrective actions.
– providing and supporting the tools, processes and frameworks used to maintain a compliant system as well as testing the IS/IT controls.
A day in the life of…
General Outputs
Responsible for implementing, coaching and reporting on Risk, Compliance & Security through the Nestlé Compliance and Information Security management system within IS/IT:
• Supports risk identification and controls mapping for all solutions and processes in product/platform groups and other IS/IT teams using the Nestlé Security, Risk & Compliance framework and management system
• Developing and overseeing IT controls and IT risk management system (in close collaboration with Group Risk, Compliance & Security and leveraging existing and agreed frameworks) to prevent or deal with IT control violations, using the Nestlé Security, Risk & Compliance framework and management system (ISO 27001)
• Responsible for conducting control testing and management system reviews, and delivering an assessment report on the IS/IT compliance and management systems
Tools, Processes and Frameworks
Responsible for implementing and sustaining the tools and process for the IT Platforms Information Security Management System:
• Implements tools and processes to support an integrated Risk, Compliance & Security Framework (including regulatory requirements PCI, GDPR, Quality, etc.)
• Maintains the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.)
• Applies the Cyber Risk Framework to ensure completeness of risk coverage
• Developing and overseeing IT controls (in close collaboration with Group Risk, Compliance & Security and leveraging existing and agreed frameworks) to prevent or deal with IT control violations, using the Nestlé Security, Risk & Compliance framework and management system (ISO 27001)
• Collaborate with Audit, IS/IT & NBE support functions to ensure one source of truth through integration of reporting corrective & preventative actions and audit findings
• Implement and sustain processes with Legal, Quality and Corporate Compliance to ensure IT Platforms teams are able to identify and apply internal and external (legal, regulatory and commercial) compliance requirements
Regulatory & Audit Outputs
• Supports the execution of IS/IT audit activities and requests
• Works with IT Platforms teams and internal and external Auditors, tracking and following up all IS/IT audits, internal review or regulatory findings as corrective & preventative actions through the management systems
• Supports IT Platforms teams in ensuring the required levels of documentation and evidence to support audit and regulatory requirements
• Ensures all IT Platforms teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal & external requirements
Capability & Organizational Outputs
• Acts as partner to all IT Platforms teams for IS/IT compliance questions and advice
• Performs, and/or coaches to ensure consistency, risk assessment according to the agreed Risk & Compliance framework in collaboration with IT Platforms teams
What will make you successful
• 5+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs
• Undergraduate degree in the field of computer science, law, IS/IT Security, Quality Management or business administration; graduate degree in one of these fields preferred
• Industry-related compliance, risk or security management certification is preferred. (e.g., ISO27001, COBIT, NIST, CISA, CISSP, etc.)
• Demonstrated ability to apply IS/IT-related knowledge and experience in solving compliance issues
• Experience with effective communication at different levels in the organization and in English
• Experience having worked in a global environment and with virtual teams
• Demonstrated understanding of cloud services, data processing, hardware platforms, enterprise software applications and outsourced systems
About Nestle Group
Nestlé Group enjoys a reputation as the world’s largest food and beverage company, driven by our purpose – enhancing quality of life for everyone, today and for generations to come. In the Nestlé ecosystem, we constantly explore and push the boundaries of what is possible with foods, beverages, and nutritional health solutions to enhance quality of life and contribute to a healthier future to better support individuals, families, communities and the planet. We have more than 2000 brands ranging from global icons to local favourites and are present in 190 countries worldwide.