Nestle

Security & Compliance Manager – 12-month Contract

Employment Type: Contract

Location Type: Hybrid

Location: North York, Canada


Salary

CA$90,000 - CA$110,500 per year

About the role

  • Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR)
  • Regularly review and update procedures and controls to ensure ongoing compliance with Nestlé Global Standards and local regulatory requirements
  • Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies
  • Collaborate with cross-functional teams to ensure security policies are integrated into all business processes
  • Collaborate with business stakeholders to identify required security controls, ensuring risk assessments are conducted and controls have been implemented prior to transitioning technology platforms to the unit’s environment
  • Oversee vendor and third-party risk management, including due diligence, ongoing assessments, and contract security requirements
  • Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management
  • Guide the unit in preparing for, supporting, and managing internal and external audits, including ISO/IEC 27001 certification and surveillance audits
  • Develop and maintain documentation required for compliance audits and certifications
  • Coordinate with internal and external auditors and facilitate the audit process, addressing any findings or non-conformities
  • Support the delivery of training programs to educate employees on information security policies, procedures, and best practices
  • Promote a culture of security awareness within the functional unit
  • Support regular security awareness campaigns and workshops
  • Provide regular reporting to senior leadership on risk posture, compliance status, and key metrics

Requirements

  • Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent experience)
  • 5+ years of experience in information technology, or a combination of risk management, compliance, information security, and IT roles
  • Understanding of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations
  • Experience with risk assessment and management, process and control implementation
  • Strong communication and interpersonal skills, to convey requirements clearly, foster consensus, and cultivate relationships with stakeholders across the organization
  • Relevant certifications such as ISO/IEC 27001 Lead Implementer/Auditor and/or CRISC are highly desirable
  • In-depth knowledge of information security principles, practices, and technologies
  • Strong analytical and problem-solving skills
  • Strong sense of curiosity, proactive, and demonstrates a proven ability to take initiative
  • Ability to work independently and as part of a team
  • High attention to detail and organizational skills
  • Proven ability to manage multiple initiatives and deadlines effectively
  • Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance

Benefits

  • Hybrid work arrangement
  • Competitive salary based on experience and compliance with Ontario pay transparency regulations

Applicant Tracking System Keywords

Hard Skills & Tools: information security policies, risk assessments, compliance audits, ISO 27001, NIST Cybersecurity Framework, SOC 2, PCI DSS, GDPR, process and control implementation, information security principles

Soft Skills: strong communication skills, interpersonal skills, analytical skills, problem-solving skills, attention to detail, organizational skills, ability to work independently, team collaboration, initiative, time management

Certifications: ISO/IEC 27001 Lead Implementer, ISO/IEC 27001 Auditor, CRISC