Cyber and Digital Security Expert - OT and IoT

Cyber and Digital Security Expert - OT and IoT

We are looking for a Cyber and Digital Security Expert - OT and IoT to be part of our IT Security and Compliance team.

Position Snapshot

• Location : Barcelona
• Type of Contract : Permanent
• Stream : IT Security & Compliance
• Type of work : Hybrid
• Work Language : Fluent Business English

The role

In this position, you are responsible for establishing and maintaining security products, platforms, and solutions designed to mitigate IS / IT risks across Nestlé Group to ensure that information assets are adequately protected. You are responsible for the identification, evaluation, and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. As Cyber and Digital Security Expert, you are required to be a visionary leader with strong skills in business management and a working knowledge of information security technologies. You will proactively work with IS / IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IS / IT Product Groups, you represent Security in various core team meetings. The Cyber and Digital Security Expert continuously researches and stays on top of emerging security threats, technologies, and trends.

What you’ll do

• Ensure new products, platforms, and solutions are implemented "Secure & Compliant by Design" in regards to ICS or Enterprise IoT solutions.
• Directly contribute to securing our manufacturing and building facilities IoT & OT solutions.
• Provide strategic risk guidance for IT projects and product management, including the evaluation and recommendation of technical controls in regards to IoT or IIoT solutions.
• Ensure that Consumer IoT solutions are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
• Liaise among the information security team and corporate compliance, audit, legal, and HR management teams as required.
• Understand and interact with related disciplines to ensure the consistent application of policies and standards across all product groups; technology projects and systems, including, but not limited to, privacy, risk management, compliance, and business continuity management.
• Work closely with Enterprise Architects, other functional area architects, and other Security Specialists to ensure adequate security solutions are in place throughout all IT products and platforms to mitigate identified risks sufficiently and to meet business objectives and regulatory requirements.
• Develop the business, information, and technical artifacts that constitute the enterprise information security architecture and solutions.

We offer you

We offer more than just a job. We put people first and inspire you to become the best version of yourself :

• Great benefits including competitive salary and a comprehensive social benefits package. We have one of the most competitive pension plans on the market, as well as flexible remuneration with tax advantages : health insurance, restaurant card, mobility plan, etc.
• Personal and professional growth through ongoing training and constant career opportunities reflecting our conviction that people are our most important asset.
• Hybrid working environment with flexible working scheme . Our state-of-the-art campus is dog-friendly and equipped with a medical center, canteen, and areas to co-create network and chill!
• Recreation activities such as yoga, Zumba, etc. and a wide range of volunteering activities.

Minimum Qualifications :

• Bachelor's Degree in Computer Science, System Analysis, or a related study, or equivalent experience.
• 7+ years of experience in a combination of risk management, information security, and IS / IT jobs.
• Employment history must demonstrate increasing levels of responsibility.
• Successful experience in implementing Cyber Security products in manufacturing environments.
• Successful experience in implementing Industry 4.0 solutions securely end-to-end.
• Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment.
• Successful experience creating ICS security monitoring and remediation policies using industry standard reference architecture mapping such as the Purdue model.
• Knowledge of common Information Security Management Frameworks, such as IEC 62443-2, ISO 27001, IS / ITIL, COBIT / IT, and NIST-80.

Bonus Points if you :

• Professional security management certification, such as a GIAC Global Industrial Security Professional (GICSP), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or other similar credentials, is preferred.

Not a 100% match? No worries! Nestlé supports your personal growth with customized development solutions.

What you can expect in your application journey :

1. Hit apply and enter our job portal.

2. Submit your application with your CV.

3. We will contact relevant applicants.

4. Interviews (HR, Hiring team, and stakeholders).

5. Feedback.

6. We make an offer.

7. Location dependent checks and pre-onboarding.

We are Nestlé, the largest food and beverage company with brands including KitKat, Nescafé, Maggi, Purina, among many others. We are approximately 275,000 employees strong, motivated by the purpose of enhancing the quality of life and contributing to a healthier future. Our values are rooted in respect : respect for ourselves, respect for others, respect for diversity, and respect for our future. With more than CHF 94.4 billion sales in 2022, we have an expansive presence, with 344 factories in 77 countries. Want to learn more?

Visit us at

We encourage the diversity of applicants across gender, age, ethnicity, nationality, sexual orientation, social background, religion or belief, and disability.