W360 Senior Risk Compliance Specialist
• Nestlé welcomes people with disabilities
• IS/IT – Workforce 360 Risk & Compliance Team, reporting to IT W360 Risk & Compliance Manager
• Permanent contract
• Full-time work, virtual working available in a global environment
• Master or Bachelor's degree in Computer Science, Sciences or Engineering, Information Systems, business administration or related field
• Minimum 6-8+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs
• Experience with effective communication at different levels in the organization and in English
Position Summary
Joining Nestlé means you are joining the largest food and beverage company in the world!
We are currently looking for a Sr IT Risk and Compliance Specialist to complete our Workforce360 Product Stream Operations Team in Milan, Italy.
As our Risk and Compliance Specialist, you will be responsible for implementing, coaching, and supporting our integrated risk, compliance, and security management systems in accordance with the business risk appetite.
This role includes evaluating the unit IT risk and compliance with internal and external policies, standards, and regulations, assessing the risks associated with each product, and supporting the Product Groups in documenting and implementing corrective actions.
You will ensure that appropriate actions, checks, and reviews are in place to deliver a risk-based continuous improvement management system for compliance.
You will work with IT team members globally to assess, identify, document, measure, and address compliance requirements, including but not limited to data protection, privacy, relationships with 3rd parties, information security, and procurement within Workforce 360 products scope.
A Day in the Life of an IT Senior Risk & Compliance Specialist
Work with W360 Product/Platform Group owners and related specialists to enable and foster an appropriate IT risk and compliance environment by:
• Developing and overseeing IT controls and IT risk management system (in close collaboration with Security & Compliance Stream, leveraging existing and agreed frameworks) to prevent or deal with IT control violations.
• Drafting, modifying, and implementing all necessary company IS/IT policies and standards.
• Conducting control checks, testing, management system reviews, and delivering assessments to the IS/IT compliance and management systems.
• Collaborating with Security & Compliance Stream, corporate counsels, and HR departments to monitor enforcement of policies, standards, and regulations.
• Keeping abreast of relevant regulatory developments and evolving best practices in IT risk compliance control.
• Contributing to the preparation of related reports for senior management, internal and external audits, and external regulatory bodies as appropriate.
• Supporting the Product/Product Group teams in implementing the required IT compliance standards in their solutions.
• Coordinating audit-related tasks, ensuring readiness of IT Product Group Managers and IT Product Managers for audits testing.
• Coaching & training Product/Product Group teams in the management of risks, controls, and corrective actions.
• Tracking and reporting compliance through relevant metrics.
• Overseeing the development and rollout of the Risk, Compliance & Security capability framework for their Product/Product Groups.
What will make you successful
• 6-8+ years of experience in risk management, compliance, information security, and IS/IT jobs.
• Undergraduate degree preferable in the field of computer science, law, IS/IT Security.
• Experience in developing and submitting IT audit, risk, and compliance reports.
• Direct experience and knowledge of regional, national, and local IT laws and regulations.
• Demonstrated ability to apply IT-related knowledge & experience in solving compliance issues.
• Understanding of cloud services, data processing, hardware platforms, enterprise software applications, and outsourced systems.
• Knowledge of emerging AI regulations and key governance, risk management, and other existing regulations such as GDPR, Data Act, etc.
• Ability to lead complex projects of Assessment of AI solutions.
• Understanding of computer systems and integration capabilities.
• Experience in working in a global environment and with virtual teams.
• Holding Risk, Security and Compliance certifications is mandatory - CISA, CISM, CRISC, CSX.
• Lead Implementor or Auditor ISO/IEC 27001.
Detailed information about the job offer
Company: Buscojobs
Location: Milan, Lombardy
Added: 11. 3. 2025
Open job position