Job Description
36 days ago
Key Outputs: Risk, Compliance & Security Management System Maintenance:
• Ensures the proper implementation, management and follow-up of the Risk, Compliance & Security system within the stream/product groups/product
• Ensures risk identification and control mapping for all solutions and processes in the stream/product groups/product using the Nestlé Risk, Compliance & Security framework
• Supports the stream/product groups/product in identifying and applying internal and external (legal, regulatory and commercial) compliance requirements
• Ensures Risk, Compliance & Security gaps within the stream/product groups/product are documented for corrective & preventative actions and tracked through the management system
• Facilitates the creation and modification of all technology compliance policies, standards and SOPs owned by their stream/product groups/product
• Supports the stream/product groups/product teams in implementing the required IS/IT compliance by design in their solutions to meet the desired level of compliance maturity within the Nestlé Framework
• Responsible for tracking the stream/product groups/product compliance news, releases and updates through relevant metrics and driving continuous improvement through the management system
Regulatory & Audit Outputs
• Coordinates all audit requests in the market/stream/product group/product team for the assigned scope
• Represents the market/stream/product group/product teams toward the auditors
• Tracks and follows up on the market/stream/product group/product team audit, internal review or regulatory findings with corrective & preventative actions through the management system
• Validates that root causes have been addressed prior to closure of corrective & preventative actions
• Works with Risk, Compliance & Security and other IT functions to identify required levels of documentation and evidence to support audit and regulatory requirements
• Supports the market/stream/product group/product team in the execution and follow-up of Partner Compliance Audits (including cloud)
• Implements and sustains the processes with Legal, Quality and Corporate Compliance to ensure market/stream/product group/product teams are able to identify and apply internal and external (legal, regulatory and commercial) compliance requirements
Capability & Organizational Outputs
• Supports and advises Product Managers, Product Owners and Application Owners on any IS/IT compliance questions
• Oversees the development and roll-out of the Risk, Compliance & Security capability framework for their market/stream/product group/product team, including the roll-out and tracking of the awareness and behavior training for all team members
• Performs and/or coaches to ensure consistency of risk assessment according to Nestlé’s Risk & Compliance framework
• Coaches and trains the market/stream/product group/product team on the implementation and daily operation of risks, controls and corrective actions through the implementation of the Nestlé Compliance & Information Security Management System
• Trains the market/stream/product group/product team on standards, policies, frameworks and regulatory requirements
• Identifies gaps between the desired level of compliance capability and the current level of maturity, proposing and implementing security advisory for capability enhancement for the market/stream/product group/product team
Key Experiences:
• Bachelor's degree in computer science, information security, information administration or other IT-related discipline
• 5 years of experience in the Information Technology industry, and at least 3 years of hands-on experience in Risk & Compliance management, Security Operations, IT audit
• Experience working with a range of cloud platforms (e.g. Azure (preferred), AWS, etc.), as well as native cloud security protection concepts and products
• Cloud security certifications such as Certified Cloud Security Professional (CCSP), Azure Security Engineer Associate, Azure Cyber Security Architect Expert or equivalent are a plus
• Proven experience in IT infrastructure management and support
• Knowledge of mainstream security protection technologies and products, e.g. Firewall, WAF, SIEM, EDR, HIDS, Vulnerability Scan, Anti-DDoS, etc.
• Familiar with various information security governance frameworks, especially ISO27000 and MLPS
• Experience in project management and procurement processes
• Proficiency in scripting (e.g., PowerShell) and remote monitoring and management (RMM) tools
• Experience with effective communication at different levels in the organization in both written and oral English
• Experience of working in a multinational environment and with virtual teams
Main Purpose of Job:
Under the supervision and guidance of her/his Security Product Manager / Functional Relationship Manager, and collaborating with function and business peers, the Risk and Compliance Specialist's role is to assess, oversee and drive all compliance issues within their area (market, product, product group, stream), including but not limited to information security, data protection, 3rd party/vendor management and procurement.
The role includes evaluating the unit's compliance with internal and external policies, standards and regulations, assessing the risks associated with each product, supporting the product teams in documenting and implementing corrective actions, and ensuring the appropriate actions, checks and reviews are in place to deliver a risk-based continuous improvement management system for cybersecurity and compliance.
The role also includes the coordination of audit management activities for the Market/Stream/Product Group/Product.
Full-time