W360 Senior Risk Compliance Specialist
Nestle
**Position Snapshot**
• Headquarters of Nestlé in Milan, Italy
• Nestlé welcomes people with disabilities
• IS/IT – Workforce 360 Risk & Compliance Team, reporting to IT W360 Risk & Compliance Manager
• Permanent contract
• Full-time work, virtual working available in a global environment
• Master or Bachelor’s degree in Computer Science, Sciences or Engineering, Information Systems, business administration or related field
• Minimum 6-8+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs
• Experience with effective communication at different levels in the organization and in English
**Position Summary**
Joining Nestlé means you are joining the largest food and beverage company in the world! In order to complete our Workforce360 Product Stream Operations Team, we are currently looking for a Sr IT Risk and Compliance Specialist.
Are you a talented Sr Risk & Compliance Specialist ready to join Nestlé Workforce 360 Product Stream Operations team in Milan, Italy? As our Risk and Compliance Specialist, you are responsible for implementing, coaching and supporting our integrated risk, compliance and security management systems in accordance with the business risk appetite. The role includes evaluating the unit IT risk and compliance with internal and external policies, standards and regulations, assessing the risks associated with each product and supporting the Product Groups in documenting and implementing corrective actions, as well as ensuring that appropriate actions, checks and reviews are in place to deliver a risk-based continuous improvement management system for compliance.
You work with IT team members all over the world to assess, identify, document, measure and address compliance requirements, including but not limited to data protection, privacy, relationships with 3rd parties, information security and procurement within Workforce 360 products scope.
We need your knowledge, consulting and advice on Workforce 360 Product Groups areas of expertise such as IT devices (desktops, laptops, tablets, mobiles, printers, etc.), collaboration tools, social platforms, portals, content management, intranet products, IT Service Management, ServiceNow platform, adoption, usage and change management tools. You will work with today’s infrastructure technologies, services and processing solutions while constantly delivering tomorrow’s innovations to our workforce.
**A Day in the Life of an IT Senior Risk & Compliance Specialist**
Work with W360 Product/Platform Group owners and related specialists to enable and foster an appropriate IT risk and compliance environment by:
• Developing and overseeing IT controls and IT risk management system (in close collaboration with Security & Compliance Stream, leveraging existing and agreed frameworks) to prevent or deal with IT control violations, using the Nestlé Security, Risk & Compliance framework and management system (ISO 27001)
• Draft, modify and implement all necessary company IS/IT policies and standards
• Conduct control checks, testing, management system reviews and deliver assessment to the IS/IT compliance and management systems
• Collaborate with Security & Compliance Stream, corporate counsels and HR departments to monitor enforcement of policies, standards and regulations
• Keep abreast of relevant regulatory developments within or outside of the company as well as evolving best practices in IT risk compliance control
• Contribute to (and where relevant own) the preparation of related reports for senior management, internal and external audits as well as external regulatory bodies as appropriate
• Supports the Product/Product Group teams in implementing by design the required IT compliance standards in their solutions to meet the desired level of compliance maturity according to the Nestlé Framework
• Coordinates audit-related tasks, such as audit requests, and ensures the readiness of IT Product Group Managers and IT Product Managers as well as Partners and their organizations for audit testing; facilitates the timely resolution of any audit findings (includes supporting product/product groups in the execution and follow-up of Partner Compliance Audits, including cloud)
• Coaches & trains Product/Product Group teams in the management of risks, controls and corrective actions through the implementation of the Nestlé Information Security Management System (ISMS)
• Tracks and reports the compliance through relevant metrics
• Oversees the development and roll out of the Risk, Compliance & Security capability framework for their Product/Product Groups, including the roll out and tracking of the awareness and behaviour training for all team members
**What will make you successful**
• 6-8+ years of experience in a combination of risk management, compliance, information security and IS/IT jobs
• Undergraduate degree preferable in the field of computer science, law, IS/IT Security
• Experience in developing and submitting IT audit, risk and compliance reports
• Experience with effective communication at different levels in the organization and in English
• Direct experience and knowledge of regional, national and local IT laws and regulations
• Demonstrated ability to apply IT-related knowledge & experience in solving compliance issues
• Demonstrated understanding of cloud services, data processing, hardware platforms, enterprise software applications and outsourced systems
• General knowledge of business theory, business processes, management, budgeting and business office operations and solid understanding of product management principles
• Knowledge of emerging AI regulations and key governance, risk management and other existing regulations such as GDPR, Data Act, etc.
• Ability to lead complex projects of Assessment of AI solutions
• Development and implementation of Responsible AI frameworks and advanced analytics tools
• Understanding of computer systems and integration capabilities
• Experience in working in a global environment and with virtual teams
• Holding Risk, Security and Compliance certifications is mandatory - CISA, CISM, CRISC, CSX
• Lead Implementor or Auditor ISO/IEC 27001