
IT Risk & Compliance Specialist

Coca-Cola Europacific Partners

Sydenham

On-site

GBP 50,000 - 65,000

Full time

2 days ago

Job summary

A leading FMCG company located in England is seeking an IT Risk & Compliance Specialist. In this role, you will ensure regulatory compliance and manage Information and Cyber Security risks. Responsibilities include delivering risk assessments, acting as a Subject Matter Expert, and collaborating with auditors. You are expected to have a Bachelor's degree and 4 years of IT experience. Strong communication and analytical skills are essential, alongside knowledge of risk management frameworks.

Qualifications

  • 4 years of IT experience in Information Security or similar.
  • Desirable certifications: CISM, CISSP, CISA, or similar.
  • Experience with internal and external audits.

Responsibilities

  • Lead regulatory alignment by implementing IT Cyber Resilience.
  • Act as Subject Matter Expert for IT Risk and Compliance topics.
  • Deliver Information Security risk assessments at corporate and local levels.

Skills

Information Security
Risk Management
Communication skills
Problem solving

Education

Bachelor’s degree in Computer Science or related field

Tools

ServiceNow GRC
PowerBI
ISO 27001

Job description

IT Risk & Compliance Specialist

Function: Business Process & Technology (BPT)

Are you passionate about safeguarding organizations from cyber threats and ensuring regulatory compliance? Join our IT Risk & Compliance team and play a key role in managing Information and Cyber Security risks across one of the world’s leading FMCG companies.

In this role, you’ll help us stay ahead of evolving cyber regulations and strengthen our IT risk posture through proactive identification, assessment, and mitigation strategies.

What You’ll Do

  • Lead regulatory alignment by implementing IT Cyber Resilience requirements (e.g., NIS2) across all CCEP markets.
  • Enhance governance and processes to strengthen our IT Risk landscape.
  • Drive performance and maturity by partnering with stakeholders and control owners to continuously improve risk management processes.

Key Responsibilities

  • Act as Subject Matter Expert for IT Risk and Compliance topics (e.g., NIST, NIS2, CRE).
  • Provide consultancy and technical expertise on risk mitigation and control maturity activities.
  • Deliver Information Security risk assessments at corporate and local levels, including facilitation, reporting, mitigation planning, and tracking.
  • Perform periodic self‑assessments of risk and controls, health checks, and continuous improvement.
  • Manage IT control compliance attestation, providing 2nd Line of Defence oversight.
  • Maintain IT framework and compliance performance through GRC dashboards.
  • Train colleagues on IT Risk and Controls.
  • Produce management reporting on Information Security Risk and Control KPIs.
  • Collaborate with internal and external auditors, supporting evidence collection and tracking audit findings.
  • Build strong networks with key stakeholders such as Enterprise Risk Management, Business Continuity & Resilience, Corporate Security, Finance Internal Controls, and Internal Audit.

What We’re Looking For

  • Bachelor’s degree in Computer Science, Information Systems, Business, or related field.
  • 4 years of IT experience in Information Security or similar.
  • English proficiency (required).
  • Desirable Certifications: CISM, CISSP, CISA, CRISC or similar.
  • Strong communication skills and ability to work in a multicultural, international environment.
  • Experience with internal and external audits.
  • Knowledge of Information Risk Management methodologies and tools (e.g., SNOW IRM).
  • Implementing security control frameworks (ISO 27001, NIST, etc.) across diverse environments.
  • Proven success in delivering projects/audits within budget.
  • Process design and continuous improvement mindset.
  • Analytical and planning skills with an independent, goal‑oriented approach.
  • Ability to navigate complex organizations and solve problems creatively.
  • Experience in FMCG, beverage industry, or logistics (preferred).
  • Technical Skills: Knowledge of regulatory environments (NIS2, CER, CRA).
  • Familiarity with Information Security Management Systems and control frameworks.
  • Ability to implement ServiceNow GRC workflows.
  • Ability to create PowerBI dashboards with automated data synchronization.

We are Coca‑Cola Europacific Partners (CCEP) – a dedicated team of 42,000 people, serving customers in 31 countries, who work together to make, move and sell some of the world’s most loved drinks.

We help our 2.1 million customers grow, and we are constantly investing in exciting new products, innovative technologies and fresh ideas. This helps us to delight the 600 million people who enjoy our drinks every day.

From gender, age and ethnicity to sexual orientation and different abilities, we welcome people from all walks of life and empower unique perspectives. We recognise we’ve got some way to go, but we’ll get there with the support of our people. It’s them who drive our future growth.

We recognise some people prefer not to participate in alcohol related sales, interactions, or promotions. If that’s true for you – please raise this with your talent acquisition contact who will advise you on whether this role includes activities related to our alcohol portfolio.
