IT Security & Compliance Specialist

Nestle Hong Kong Ltd
Cybersecurity
Central and Western, Hong Kong
7 days ago
Part Time
Onsite
Technology, Information and Media
Job Description
36 days ago
Main Purpose of Job:
Under the supervision and guidance of her/his Security Product Manager / Functional Relationship Manager, and collaborating with function and business peers, the Risk and Compliance Specialist's role is to assess, oversee and drive all compliance issues within their area (market, product, product group, stream), including but not limited to information security, data protection, 3rd party/vendor management and procurement.
The role includes evaluating the unit's compliance with internal and external policies, standards and regulations, assessing the risks associated with each product, supporting the product teams in documenting and implementing corrective actions, and ensuring the appropriate actions, checks and reviews are in place to deliver a risk-based continuous improvement management system for cybersecurity and compliance.
The role also includes the coordination of audit management activities for the Market/Stream/Product Group/Product.

Key Outputs:
Risk, Compliance & Security Management System Maintenance:
• Ensures the proper implementation, management and follow-up of the Risk, Compliance & Security system within stream/product groups/product
• Ensures risk identification and controls mapping for all solutions and processes in stream/product groups/product using the Nestlé Risk, Compliance & Security framework
• Supports stream/product groups/product in identifying and applying internal and external (legal, regulatory and commercial) compliance requirements
• Ensures Risk, Compliance & Security gaps within the stream/product groups/product are documented for corrective & preventative actions and tracked through the management system
• Facilitates the creation and modification of all technology compliance policies, standards and SOPs owned by their stream/product groups/product
• Supports the stream/product groups/product teams in implementing, by design, the required IS/IT compliance in their solutions to meet the desired level of compliance maturity within the Nestlé Framework
• Responsible for tracking the stream/product groups/product compliance news, releases and updates through relevant metrics and driving continuous improvement through the management system
Regulatory & Audit Outputs
• Coordinates all audit requests in the market/stream/product group/product team for the assigned scope
• Represents the market/stream/product group/product teams toward the auditors
• Tracks and follows up the market/stream/product group/product team audit, internal review or regulatory findings with corrective & preventative actions through the management system
• Validates that root causes have been addressed prior to closure of corrective & preventative actions
• Works with Risk, Compliance & Security and other IT functions to identify required levels of documentation and evidence to support audit and regulatory requirements
• Supports market/stream/product group/product team in the execution and follow-up of Partner Compliance Audits (including cloud)
• Implements and sustains the processes with Legal, Quality and Corporate Compliance to ensure market/stream/product group/product teams are able to identify and apply internal and external (legal, regulatory and commercial) compliance requirements
Capability & Organizational Outputs
• Supports and advises Product Managers, Product Owners and Application Owners on any IS/IT compliance questions
• Oversees the development & roll-out of the Risk, Compliance & Security capability framework for their market/stream/product group/product team, including the roll-out and tracking of the awareness and behavior training for all team members
• Performs and/or coaches to ensure consistency of risk assessment according to Nestlé’s Risk & Compliance framework
• Coaches & trains market/stream/product group/product team on the implementation and daily operation of risks, controls and corrective actions through the implementation of the Nestlé Compliance & Information Security Management System
• Trains market/stream/product group/product team on standards, policies, frameworks and regulatory requirements
• Identifies gaps between the desired level of compliance capability and current level of maturity, proposing and implementing security advisory for capability enhancement for market/stream/product group/product team

Key Experiences:
• Bachelor's degree in computer science, information security, information administration or other IT-related discipline
• 5 years of experience in the Information Technology industry, and at least 3 years of hands-on experience in Risk & Compliance management, Security Operations, IT audit
• Experience working with a range of cloud platforms (e.g. Azure (preferred), AWS, etc.), as well as native cloud security protection concepts and products
• Cloud security certifications such as Certified Cloud Security Professional (CCSP), Azure Security Engineer Associate, Azure Cyber Security Architect Expert or equivalent are a plus
• Proven experience in IT infrastructure management and support
• Knowledge of mainstream security protection technologies and products, e.g. Firewall, WAF, SIEM, EDR, HIDS, Vulnerability Scan, Anti-DDoS, etc.
• Familiar with various information security governance frameworks, especially ISO27000 and MLPS
• Experience in project management and procurement processes
• Proficiency in scripting (e.g., PowerShell) and remote monitoring and management (RMM) tools
• Experience with effective communication at different levels in the organization in both written and oral English
• Experience of working in a multinational environment and with virtual teams

Full-time