Information Security Management System & Compliance Manager (12-months contract)

Nestlé • Contract • North York, ON, CA • 4d ago

Position Snapshot

Business area: Nestlé Canada Inc.

Job title: Information Security Management System & Compliance Manager

Location: North York, ON located at 25 Sheppard Ave W, North York, ON M2N 6S8;

Hybrid

A Little Bit About Us

While Nestlé is known for KitKat, Gerber, Nescafe, and Häagen-Dazs, our recipe for success comes down to one thing: our people. We strive to lead a people-focused culture that empowers employees to bring their authentic selves to work each day. There are 3,000+ members of Nestlé Canada celebrated for taking action using agility, courage, and trust to find solutions that benefit the business or greater good. We’re a team of changemakers, who are curious and challenge the status quo, that take risks that will help drive us forward. Our focus is not only on nourishing our customers, but also about enriching you. We know that empowerment leads to strong employee engagement, a great work culture, and motivated employees.

What To Expect

We are seeking a skilled and experienced Information Security Management System & Compliance Manager to join our dynamic team. The ideal candidate will be responsible for overseeing and ensuring the integrity, confidentiality, and availability of our information security management system (ISMS). This role involves developing, implementing, and maintaining security policies and compliance frameworks to ensure the protection of information assets and adherence to relevant regulations and standards. The manager will work closely with various stakeholders to promote a culture of security and compliance throughout the business unit.

A day in the life of an Information Security Management System & Compliance Manager:

ISMS Development and Maintenance

Design, implement, and maintain the ISMS in alignment with ISO/IEC 27001 standards.
Regularly review and update procedures, and controls to ensure ongoing compliance with Nestlé Global Standards, and local regulatory requirements.
Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies.
Collaborate with cross-functional teams to ensure security policies are integrated into all business processes.
Collaborate with business stakeholders to identify required security controls, and ensuring risk assessments are conducted and controls have been implemented prior to transitioning technology platforms to the unit’s environment.

Compliance and Audit Management

Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management.
Prepare the unit for, support, and manage internal and external audits, including ISO/IEC 27001 certification and surveillance audits.
Develop and maintain documentation required for compliance audits and certifications.
Coordinate with external auditors and facilitate the audit process, addressing any findings or non-conformities.

Security Awareness and Training

Support the delivery of training programs to educate employees on information security policies, procedures, and best practices.
Promote a culture of security awareness within the functional unit.
Support regular security awareness campaigns and workshops.

Role Requirements

Bachelor’s degree in Information Security, Computer Science, or a related field.
Minimum of 3+ years of experience in information technology or combination of risk management, compliance, information security and IT jobs.
Understanding of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations.
Experience with risk assessment and management, process and control implementation.
Strong communication and interpersonal skills, to deliver effective understanding of requirements, fostering consensus, and cultivating relationships with stakeholders across the organization.

Preferred Skills

Relevant certifications such as CRISC, or ISO/IEC 27001 Lead Implementer/Auditor are highly desirable.
In-depth knowledge of information security principles, practices, and technologies.
Strong analytical and problem-solving skills.
Strong sense of curiosity, proactive, and demonstrates a proven ability to take initiative.
Ability to work independently and as part of a team.
High attention to detail and organizational skills.
Proven ability to manage multiple initiatives and deadlines effectively.
Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance.

We have a friendly, supportive team with a coaching and mentoring environment. There are real opportunities for future development and progression – this really could be a move towards the exciting finance career you’ve always wanted.

What You Need To Know

We will be considering applicants as they apply, so please don’t delay in submitting your application.

Nestlé Canada is an equal-opportunity employer committed to diversity, equity, inclusion, and accessibility. We welcome qualified applicants to bring their diverse and unique experiences as a result of their education, perspectives, culture, ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veteran’s status, colour, religion, disability, sexual orientation and beliefs.

If you are selected to participate in the recruitment process, please inform Human Resources of any accommodations you may require. Nestlé will work with you in an effort to ensure that you are able to fully participate in the process.