Seeking ISMS Manager to oversee security and compliance for information management at Nestlé Canada. Role involves policy development, risk management, and collaboration across teams.
Responsibilities
Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR)
Regularly review and update procedures and controls to ensure ongoing compliance with Nestlé Global Standards and local regulatory requirements
Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies
Collaborate with cross-functional teams, the distribution centre, and production locations to ensure security policies are integrated into all business processes
Collaborate with business stakeholders to identify required security controls and ensure that risk assessments are conducted and controls are implemented before technology platforms transition to the unit’s environment
Oversee vendor and third-party risk management, including due diligence, ongoing assessments, and contract security requirements
Ensure business continuity and disaster recovery frameworks are documented, tested, and improved for DC and Production locations
Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management
Guide the distribution centre and production locations through internal and external audits, and support and manage those audits, including ISO/IEC 27001 certification and surveillance audits
Develop and maintain documentation required for compliance audits and certifications
Coordinate with internal and external auditors and facilitate the audit process, addressing any findings or non-conformities
Maintain compliance KPIs and KRIs based on company risk appetite and Global requirements
Support the delivery of training programs to educate employees on information security policies, procedures, and best practices
Promote a culture of security awareness within the distribution centre and production locations
Support regular security awareness campaigns and workshops
Provide regular reporting to senior leadership on risk posture, compliance status, and key metrics
Develop and maintain the location risk register
Collaborate with Global, Regional and Local teams on incident response governance and post-incident reviews
Manage security incident response locally, including investigation, containment, and remediation
Requirements
Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent experience)
Minimum of 5+ years of experience in information technology or a combination of risk management, compliance, information security and IT jobs
Hands-on experience with and knowledge of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations
Experience with risk assessment and management, process and control implementation
Experience leading internal and external audits
Strong communication and interpersonal skills to convey requirements effectively, foster consensus, and cultivate relationships with stakeholders across the organization
Benefits
Comprehensive total rewards benefits package including Health and Dental benefits that start on day one of employment
Company matched pension plan
Three weeks of Vacation and five personal days (Personal Paid Holidays)
Flexible and hybrid work arrangements
Excellent training and development programs as well as opportunities to grow within the company
Access to Educational Assistance & Tuition Reimbursement
Bonus eligibility
Access to the Discount Company store with Nestlé, Nespresso, and Purina products (located across various Nestlé offices/sites)
Additional discounts on a variety of products and services offered by our preferred vendors and partnerships
Senior IT Security Engineer at NEAR Foundation leading information security program and compliance initiatives. Partnering with IT teams for secure architectural design and risk management.
Bilingual Security Director for International SOS driving revenue growth of health security subscription services in Canada. Supporting consulting, training, and managed services with trusted client relationships.
Program Manager driving complex engineering projects within the Product Security organization at CrowdStrike. Collaborating cross-functionally to ensure timely delivery of security solutions across product portfolios.
Security Engineer focused on matching technology opportunities with customer business objectives at Tenable. Delivering technical presentations and driving successful customer engagements in cybersecurity solutions.
Business Development & Capture Lead for Global Spatial Technology Solutions driving revenue growth in defence sector. Engaging senior stakeholders and leading proposal development across global markets from a remote location.
IT & Security Specialist managing IT operations, security, and infrastructure for Senstar, a leader in security technology. Hands-on role blending end-user support, cybersecurity, and infrastructure management.
HR Systems Security Specialist responsible for design, configuration, and administration of security within Workday and SAP. Collaborating with HR and stakeholders to ensure effective access design and compliance.
Cybersecurity advisor working within the DCYB to develop IT security measures. Collaborating with teams to fortify cybersecurity posture and ensuring data protection for citizens.
Consultant in remuneration and occupational health and safety at the Quebec Federation of Municipalities. Ensuring employee needs match organizational requirements and promoting a safe work environment.
Cybersecurity Administrator providing operational support for compliance activities in information security. Assisting vendor risk management, audit coordination, and vulnerability tracking.