
  • Posted: Dec 11, 2023
    Deadline: Not specified

    For over 100 years, Nestlé South Africa has delivered on its Good Food, Good Life promise to its consumers, ensuring that they are always able to access our established, well-loved brands as well as new and innovative products that respond to their evolving needs. We exist to DELIGHT our CONSUMERS who have enabled the growth of our business and company by ...

     

    IT Security & Compliance Functional Relationship Manager - Bryanston

    A day in the life of an IT Technical & Production FRM:

    • Partner with internal and external stakeholders to define, plan, execute and refine strategy, definitions, and roadmaps to execute the market’s Information Security Management System (ISMS) and maintain the market’s ISO 27001 certification.
    • Be accountable for ensuring all applications within their market are delivered and maintained securely and in compliance with internal standards and external regulations, including privacy requirements, Business Continuity Plans etc.
    • Supports the prompt deployment of global Security & Compliance solutions and processes in the market.
    • Is responsible for tracking the market security and compliance posture through relevant metrics and driving continuous improvement through the management system.

    Information Security Management –

    • Plan/execute the market’s Information Security Management System (ISMS)
    • Provide process, standard routines and control procedures to enable secure and compliant by design applications.
    • Drive the continuous improvement of Security & Compliance posture by leading the Risk, Control & Applications owners through the ISMS Framework
    • Ensure the implementation of IT Standards and Global Controls
    • Track and report on Risk, Control & Remediation maturity
    • Support the adoption of the appropriate metrics for tracking risks & controls.
    • Ensure Information Security risk & control posture is aligned with market management.

    Risk Management -  

    • Ensures risk identification and controls mapping for all solutions and processes in market using the Nestlé Risk, Compliance & Security framework.
    • Ensures Risk, Compliance & Security gaps within the market are documented in corrective & preventative actions and tracked through the management system.
    • Presents IT Risk posture to market management and provides input to Enterprise Risk Management processes in the market.

    Support and Incident Response -

    • Ensures market engagement in Security Incident & Event response, first point in market for Cyber Security Operations Center (CSOC).
    • Prioritizes issues and escalations on behalf of receivers.
    • Provide insight into business disruptions caused by P1/P2 and unplanned outages.

    Regulatory & Audit Outputs -

    • Coordinates all IT-related audit requests in the market.
    • Represents the market teams with the auditors, supports market in providing documentation required to meet regulatory requirements (e.g., PCI, GxP)
    • Tracks and follows up on market audit, internal review or regulatory findings as corrective and preventative actions through the management system.
    • Validates root causes that have been addressed prior to closure of corrective and preventative actions.
    • Works with Risk, Compliance & Security function to identify required levels of documentation and evidence to support audit and regulatory requirements.
    • Ensures market is trained in reporting Risk, Compliance & Security incidents and events to meet internal & external requirements.
    • Supports market in the execution and follow-up of Partner Compliance Audits (including cloud)        

    Capability & Organizational Outputs -

    • Supports and advises IT and Business Application Owners in any IS/IT compliance questions.
    • Oversees the development and roll out of the Risk, Compliance & Security capability framework for their unit.
    • Rolls out, promotes and tracks the Security & Compliance awareness and behaviour training for the market.
    • Performs risk assessments, and/or coaches others to ensure consistency, according to the agreed Risk & Compliance framework.
    • Coaches and trains local teams on the implementation and management of risks, controls and corrective actions through the implementation of the Nestlé Compliance & Information Security Management System
    • Trains market teams on standards, policies, frameworks and regulatory requirements
    • Identifies gaps between the desired level of compliance capability and the current level of maturity, and proposes and implements adjustments in capability development for the market.

    What will make you successful:

    • Bachelor’s degree or higher, preferably computer science or field related to the function.
    • 7+ years’ experience in IT (e.g., BA, PM, etc.)
    • Experience in Information Security and Compliance or Data Privacy is required.
    • Demonstrated experience in a product-based IT organization.
    • Stakeholder management experience with proven record of successfully managing complex stakeholder networks.
    • Proven track record of taking ownership and successfully delivering results in a fast-paced, dynamic environment.
    • Experience with effective communication at different levels in the organization and in English
    • Experience working in a global environment and with virtual teams.
    • Experience with and strong knowledge of common information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST
    • Industry-related/Professional compliance, risk or security management certification is preferred (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), ISO27001 Lead Auditor/Implementer etc.)

    Method of Application

    Interested and qualified? Go to Nestle on jobdetails.nestle.com to apply
