Il Gruppo Nestlé, azienda alimentare leader nel mondo, ricerca un Cyber and Digital Security Senior Specialist per la sede di Milano.

Position Snapshot

  • Headquarters of Nestlé in Milan, Italy;
  • IT Security and Compliance Department;
  • Permanent contract;
  • Full-time work in a global environment;
  • Master or Bachelor’s degree in Business administration, Technology-related field or equivalent;
  • 8+ years of experience in a combination of risk management, information security and IT jobs;
  • Experience in effective communication at different levels in the organization and in English.

Position Summary

As a Cyber and Digital Security Senior Specialist, you will play a central role in establishing and maintaining security products, platforms and solutions designed to mitigate IT risks across Nestlé Group to ensure that information assets are adequately protected. You will be responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise.

Our new team member will proactively work with IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IT Product Groups, you will represent IT Security in various core team meetings.

The Cyber and Digital Security Specialist continuously researches and stays on top of emerging security threats, technologies and trends.

A day in the life of…

  • Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.
  • Work directly with Product Managers, BRMs and IT Customers to facilitate business IT risk assessment and risk management processes, and work with stakeholders through the enterprise on identifying acceptable levels of residual risk.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
  • Provide strategic risk guidance for IT projects and product management, including the evaluation and recommendation of technical controls.
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or to eliminate risk and audit findings.
  • Understand and interact with related disciplines to ensure the consistent application of policies and standards across all product groups; technology projects and systems, including, but not limited to, privacy, risk management, compliance and business continuity management.
  • Work closely with Enterprise Architects, other functional area architects and other Security Specialists to ensure adequate security solutions are in place throughout all IS/IT products and platforms to mitigate identified risks sufficiently and to meet business objectives and regulatory requirements.
  • Serve as a security expert in infrastructure design and deployment, database design, network and/or platform (operating system) efforts, helping product teams comply with enterprise and IT security policies, industry regulations and best practices.

What will make you successful

  • Degree in business administration or a technology-related field, or equivalent work experience
  • 8+ years of experience in a combination of risk management, information security and IT jobs
  • Experience in complex enterprise environments and current technology areas like cloud and mobility
  • Hands-on experience with Azure and/or AWS and/or GCP related to administration, security, deployment, management and automation technologies
  • Practical experience on infrastructure network security (i.e. data centers, security gateways, VPN, on prem and in the cloud)
  • Practical Experience on operating systems security (Linux and/or Windows)
  • Experience on databases security (SQL, Oracle, NoSQL, HANA DB etc)
  • Previous work experience in a global environment and with virtual teams will be considered an asset
  • Knowledge and understanding of relevant legal and regulatory requirements, General Data Protection Regulation (GDPR), Payment Card Industry/Data Security Standard (PCI) or relevant local or global laws, standards and regulations
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
  • Knowledge of common information security management frameworks, such as ISO 27001, IS/ITIL, COBIS/IT and NIST would be a plus.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences in English.
  • Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment and meet overall objectives
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals with minimal supervision.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must be a critical thinker with strong problem-solving skills
  • High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

Per la candidatura visita il seguente link


Visit Us