IT Risk and Compliance Specialist

**Position Snapshot**

Location: Petaling Jaya, Selangor, MY
Company: Nestlé Malaysia
Full-time
Bachelor’s Degree
4+ years of experience

**Position Summary**

Joining Nestlé means you are joining the largest Food and Beverage Company in the world. At our very core, we are a human environment - passionate people driven by the purpose of enhancing the quality of life and contributing to a healthier future. A Nestle career empowers you to make an impact locally and globally, as you are provided with the opportunity to make a mark and stand out, if you seek it. With Nestle, you are enabled and encouraged to grow not only as professionals, but also as people.

We are looking for an IT Risk and Compliance Specialist to be responsible for implementing, coaching and improving an integrated risk, compliance and security management system in accordance with the business risk appetite.

**A day in the life of...**
- Support risk identification and control mapping for all solutions and processes in product/product groups and other IS/IT teams using the Nestlé Security, Risk & Compliance framework and management system. Coach and support teams in managing Risk, Compliance & Security gaps through documented corrective & preventative actions, tracked through the management system.
- Responsible for conducting management system reviews and reporting to assess the IT compliance and management system. Including collaborating with internal and external Auditors, tracking and following up all IS/IT audits, internal review or regulatory findings as corrective & preventative actions through the management systems.
- Provide guidance and support to IS/IT teams in implementing by design the required IT compliance in their solutions to meet the desired level of compliance maturity and risk appetite in the Nestlé Framework.
- Maintain the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.), including Implementing tools and process to support an integrated Risk, Compliance & Security Framework (including regulatory requirements PCI, GDPR Quality etc.)
- Contribute to the maintenance and development the Controls library to address the evolving risk environment, automation, and translation of Regulatory & Industry standards into Nestlé as control procedures, metrics and scripts.
- Support the roll-out & evolution of the Risk, Compliance & Security competency framework, including the roll-out and tracking of the awareness and behavior training. Coach & train IS/IT teams on the implementation and management of controls, Train IS/IT teams on standards, policies, frameworks, and regulatory requirements.
- Ensure all IS/IT teams are trained in identifying and reporting Security, Risk & Compliance incidents and events to meet internal & external requirements.

**What will make you successful**
- 4+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs.
- Undergraduate degree in the field of computer science, IT Security, Quality Management, or business administration; graduate degree in one these fields preferred.
- Script & report development experience in Power BI, SQL, PowerShell, Python, Power Automate preferred.
- Good in IT Risk Management with ISO27001 or NIST or relevant external standard knowledge.
- Good strong exposure, preferrable hands-on working experience on cloud platform specifically Azure Infrastructure/Platform, preferable someone who have AZ-500 Microsoft Azure Security Certificate or SC-200: Microsoft Security Operations Analyst.
- IT risk management or security management certification is preferred.
- Strong written and verbal communication skills in English and Mandarin.
- Strong facilitation skills in risk assessments required.
- Experience having worked in a global environment and with virtual teams.