Security & Compliance Analyst

**Position Summary**

**Ubication**: Lima

**Time**: Full Time

**Report to**: BRM of the Market

**Position Snapshot**:
Under the supervision and guidance of Security& Compliance FRM / BRMs/ IT streams the Security & Compliance Analyst is responsible for implementing, coaching and supporting an integrated risk, compliance and security management systems in accordance with the business risk appetite. The management systems enable the IT teams globally to identify, document, measure and address its compliance requirements, including but not limited to data protection, privacy, 3rd party/vendor, information security and procurement.

The Security & Compliance Analyst's responsibilities include ensuring the teams can drive all their risk, compliance and security requirements through the management system, ensuring compliant and secure products & platforms meeting the business risk appetite. To enable this, s/he is responsible for providing the tools, processes, and frameworks to support IT Compliance in Nestle and for conducting IT controls testing.

**A day in the life of...**
- Responsible for implementing, coaching, and reporting on Risk, Compliance & Security through the Nestlé Compliance, and Information Security management system within IT:

- Supports risk identification and controls mapping for all solutions and processes in product/product groups and other IT teams using the Nestlé Security, Risk & Compliance framework, and management system.
- Responsible for conducting controls testing, management system reviews and reporting to assess the IT compliance and management system.
- Provides guidance and support to IT teams in implementing by design the required IT compliance in their solutions to meet the desired level of compliance maturity and risk appetite in the Nestlé Framework.
- Responsible for implementing and sustaining the tools and process for the Nestlé Compliance & Information Security Management System:

- Implements tools and process to support an integrated Risk, Compliance & Security Framework (including regulatory requirements PCI, GDPR Quality etc.)
- Maintains the management system through continuous review and evaluation of external frameworks and standards (e.g., ISO27001, COBIT, NIST, ITIL etc.)
- Supports the execution of IT audit activities and requests.
- Works with IT teams and internal and external Auditors, tracking and following up all IT audits, internal review, or regulatory findings as corrective & preventative actions through the management systems.
- Validates root causes have been addressed prior to closure of corrective & preventative actions.
- Supports IT teams in ensuring the required levels of documentation and evidence to support audit and regulatory requirements.
- Acts as partner to all IT units for IT compliance questions and advice.
- Drives the development & roll out of the Risk, Compliance & Security competency framework for IT Workforce Planning & Management team including the roll out and tracking of the awareness and behavior training.

**What will make you **successful**
- 3+ years of experience in a combination of risk management, compliance, information security and IT jobs
- Undergraduate degree in the field of computer science, law, IT Security, Quality Management, or business administration; graduate degree in one these fields preferred.
- Industry-related compliance, risk or security management certification is preferred.
- Experience developing and submitting IT audit and compliance reports.
- Experience with effective communication at different levels in the organization and in English
- Experience having worked in a global environment and with virtual teams.