Cybersecurity Strategist, Internal Controls

at Nestle USA
Location Arlington, VA
Date Posted February 4, 2021
Category Default
Job Type Full-time


Foods people love. Brands people trust. And a career that nourishes your future like no other.

If you're driven by the passion to do something meaningful that changes lives, Nestlé is the place for you. We're in 97% of American homes, and as the top tier food and beverage company, our goals are to continue to deliver quality food and beverage products, strengthen our local communities, and reduce our environmental and climate impact.

We're determined to challenge the status quo and be better tomorrow than we are today. As individuals and teams, we embrace our ambitious culture and have created a workplace where collaboration is essential, courage is rewarded, speed is expected, and agility is the norm to delight our consumers every single day. Here, you will find limitless opportunities to learn, advance your career, and feel empowered to succeed in the workplace and beyond. Because our focus is not only on nourishing our customers, it's about enriching you.


Within the Internal Controls Competency Center (ICCC) for the Nestlé North America Region, you will serve as the PMO for the Nestlé NA Region's on-going cybersecurity resiliency efforts and plan. You will establish goals and milestones to ensure the effort moves forward to achieve designated current and future targets. In addition, you will assist with the investigation of cybersecurity incidents impacting both Nestlé and its vendors/suppliers and establish internal controls to mitigate risks determined as the root cause of the incidents. Also, you will coordinate with Procurement and Supply Chain Management on-going efforts to monitor current and emerging security risks with vendors and suppliers, and perform other duties as assigned by the Head of Internal Controls-ICCC NA.


Position responsibilities include, but are not limited to, the following:
• As the PMO for the cyber risk and control resiliency efforts, lead and evaluate related information security controls, including second line review, challenge, and quality assurance of the controls, and analyze information (e.g., risk and control assessments, risk identification, technical and process vulnerabilities) to identify the effectiveness of current mitigation and remediation strategies and to move forward the Nestlé Cyber Resiliency Plan for the North America Region
• Advise Operating Companies and departments on the design, implementation, and monitoring of information security controls; the identification of vulnerabilities; and the development of remediation plans to enhance the resiliency posture
• On-going evaluation of reports (risk profiles, risk packages, metrics dashboards) on business risks to identify themes or trends and promote information sharing and transparency of material risks and control issues
• Partnering with IT/IS and GSOC (as local representation), identify, measure, monitor and report on security risks within Nestlé's information technology domain, and assess the adequacy of controls over information security, cyber security and software security
• Provide thought-leadership and consultation to Nestlé related to the information (cyber) security posture of third parties (vendors and suppliers) through the assessed functional and technical risks related to the use, processing, storage and transmission of information to and from those third-party entities that impact Nestlé in the NA Region (both in the corporate and manufacturing environments)
• As a member of the Regional Cyber Response Team, assist with cyber security incidents and investigations including documenting the incident; performing root cause analysis to enhance the internal control environment and reporting the incident as required by Nestlé Reporting Standards
• Assist with on-going Information Security Risk Assessments (Vendor Security Risk Assessments) to ensure each is technically sound and provides value-added results on the risks and vulnerabilities of the third parties (in both corporate and manufacturing environments), including recommendations of controls to mitigate the risks identified in the assessments
• Create and present management level presentations that inform and influence leadership regarding the cyber resilience efforts for the NA Region.

• Bachelor's Degree in Information Technology, Information Security, Business, or other relevant degree
• Certifications in CISA, CISSP and/or CRISC preferred
• 7 years of sustainable high performance in Information Technology or Information Security required, including a minimum of 3 years of experience in Internal Controls or Cybersecurity roles (IT SOX and/or cybersecurity investigative experience are added pluses).
• 3 years of experience leading project teams required (preferably with a global manufacturing company)
• Enterprise Risk Management and/or Finance experience is preferred

• Good working knowledge of cybersecurity and/or data security controls for a large global company.
• In-depth technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security.
• Strong Microsoft Excel, Word and PowerPoint skills to analyze metrics and create management-level presentations
• Good understanding of and the ability to apply risk management and control frameworks (e.g., NIST 800-53) and industry best practices. Understanding of vulnerability risk impact on important goals and processes; ability to link risk and control management programs to inform business strategies.
• Strong Internal Controls background
• Strong ability to effectively influence others (including Senior Management) and lead peers

• Strong analytical, technical and documentation skills
• Solid networking skills to manage relationships with business partners
• Capability to manage several priorities and projects simultaneously
• Strong ability to optimize and facilitate the application of business processes
• Ideal candidate is results focused; a self-starter with a strong initiative; naturally inquisitive; able to think independently and has a desire to make a difference

The Nestlé Companies are equal employment and affirmative action employers and are looking for diversity in qualified candidates for employment.