Nestlé

Nestlé is the world's largest food & beverage company. We unlock the power of food to enhance quality of life for everyone, today and for generations to come.

• Nestlé welcomes people with disabilities
• IS/IT – Workforce 360 Risk & Compliance Team, reporting to the IT W360 Risk & Compliance Manager
• Permanent contract
• Full-time work, virtual working available in a global environment

Position Summary

Joining Nestlé means you are joining the largest food and beverage company in the world. We are currently looking for a Sr IT Risk and Compliance Specialist to complete our Workforce360 Product Stream Operations Team in Milan, Italy.

As our Risk and Compliance Specialist, you are responsible for implementing, coaching and supporting our integrated risk, compliance and security management systems in accordance with the business risk appetite. The role includes evaluating the unit's IT risk and compliance with internal and external policies, standards and regulations, assessing the risks associated with each product, and supporting the Product Groups in documenting and implementing corrective actions.

A Day in the Life of an IT Senior Risk & Compliance Specialist

Work with W360 Product/Platform Group owners and related specialists to enable and foster an appropriate IT risk and compliance environment by:

• Developing and overseeing IT controls and the IT risk management system (in close collaboration with the Security & Compliance Stream, leveraging existing and agreed frameworks) to prevent or deal with IT control violations.
• Drafting, modifying and implementing all necessary company IS/IT policies and standards.
• Conducting control checks, testing and management system reviews, and delivering assessments of the IS/IT compliance and management systems.
• Collaborating with the Security & Compliance Stream, corporate counsel and HR departments to monitor enforcement of policies, standards and regulations.
• Keeping abreast of relevant regulatory developments within or outside the company, as well as evolving best practices in IT risk and compliance control.
• Contributing to (and where relevant owning) the preparation of related reports for senior management, internal and external audits, and external regulatory bodies as appropriate.
• Supporting the Product/Product Group teams in implementing the required IT compliance standards in their solutions by design.
• Coordinating audit-related tasks and ensuring the readiness of IT Product Group Managers and IT Product Managers for audit testing.
• Coaching and training Product/Product Group teams in the management of risks, controls and corrective actions through the implementation of the Nestlé Information Security Management System (ISMS).
• Tracking and reporting compliance through relevant metrics.
• Overseeing the development and rollout of the Risk, Compliance & Security capability framework for their Product/Product Groups.

What will make you successful

• 6-8 years of experience in a combination of risk management, compliance, information security and IS/IT roles.
• Undergraduate degree, preferably in computer science, law or IS/IT security.
• Experience in developing and submitting IT audit, risk and compliance reports.
• Experience communicating effectively at different levels of the organization, and in English.
• Direct experience and knowledge of regional, national and local IT laws and regulations.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
• Demonstrated understanding of cloud services, data processing, hardware platforms, enterprise software applications and outsourced systems.
• General knowledge of business theory, business processes, management, budgeting and business office operations.
• Knowledge of emerging AI regulations and key governance, risk management and other existing regulations such as GDPR, the Data Act, etc.
• Ability to lead complex assessment projects for AI solutions.
• Development and implementation of Responsible AI frameworks and advanced analytics tools.
• Understanding of computer systems and integration capabilities.
• Experience working in a global environment and with virtual teams.
• Holding Risk, Security and Compliance certifications is mandatory: CISA, CISM, CRISC, CSX.
• ISO/IEC 27001 Lead Implementer or Lead Auditor.