Position Snapshot
* Location: Barcelona, Spain
* Type of Contract: Permanent
* Stream: IT Security & Compliance
* Type of work: Hybrid
* Work Language: Fluent Business English
The role
Drive the program that ensures Nestlé’s partners maintain the required levels of Cyber Security to protect Nestlé’s operations and data. This role enhances and evolves capabilities to categorize, agree on controls, monitor them, and audit those operated by Nestlé partners. Working with procurement and other functions ensures that Nestlé’s resilience is not negatively impacted by the cyber security of third parties.
What you’ll do
* Maintain and enhance Nestlé’s framework of controls and tools to ensure partner cyber security, including defining long‑term business capability processes and the automation and digitalization roadmap.
* Collaborate with procurement and procurement legal to embed cyber security control requirements into contracts and engagements for new contracts.
* Work with other Nestlé IT teams to develop an assurance approach for when Nestlé is approached as a partner by others.
* Maintain and strengthen the Cloud Governance Framework, improving visibility and monitoring of SaaS cloud solutions.
* Align third‑party assurance and risk processes with other Nestlé IT product teams.
We offer you
* Great benefits including a competitive salary and a comprehensive social benefits package. Nestlé offers a market‑competitive pension plan and flexible remuneration with tax advantages such as health insurance, restaurant card and mobility plan.
* Personal and professional growth through ongoing training and career opportunities focused on developing people.
* Hybrid working environment with an adaptable schedule. The state‑of‑the‑art campus is dog‑friendly and equipped with a medical centre, canteen, co‑creation spaces and networking areas.
* Recreation activities such as yoga and Zumba, plus a wide range of volunteering opportunities.
Minimum qualifications
* Bachelor’s degree or higher, preferably in computer science or a related field.
* 15+ years of experience in Security & Compliance in large organizations.
* Strong understanding of information risk and security guidelines, architecture standards and frameworks (ISO 27001, COBIT, NIST) and secure & compliant design.
* Demonstrated experience optimizing processes to reduce risks while enabling business agility.
* Experience communicating at different levels within the organization and with virtual teams in English.
Bonus points if you
* Have a legal background or experience with contract negotiations.
* Have prior experience implementing a Third‑Party Assurance Program.
* Have experience with TPRM and SSPM solutions and services.
About the IT Hub
At Nestlé IT, we are a diverse, global team of professionals in the world’s largest health, nutrition and wellness company. We create an environment where people are valued for who they are, innovating with future‑ready technologies to create opportunities for Nestlé to delight customers and employees. We collaborate with partners worldwide to deliver tangible value at global scale and continuously develop our people to be future‑ready.
About Nestlé
We encourage the diversity of applicants across gender, age, ethnicity, nationality, sexual orientation, social background, religion or belief, and disability. Step outside your comfort zone; share your ideas, ways of thinking and working to make a difference to the world, every single day. You own a piece of the action – make it count.
Join Nestlé’s IT Hub #beaforceforgood