Security & Compliance Manager (12-months contract)
About the role
Position Snapshot
Business area: Nestlé Canada Inc.
Job title: Information Security Management System & Compliance Manager
Location: North York, ON, located at 25 Sheppard Ave W, North York, ON M2N 6S8
Compensation Range: $90,000 – $110,500 CAD
Hybrid
At Nestlé Canada, we are committed to transparency and fairness in our compensation and job posting practices. This position offers a competitive salary within the range specified above, aligned with our commitment to equitable pay practices.
A Little Bit About Us
While Nestlé is known for KitKat, Gerber, Nescafe, and Häagen-Dazs, our recipe for success comes down to one thing: our people. We strive to lead a people-focused culture that empowers employees to bring their authentic selves to work each day. There are 3,000+ members of Nestlé Canada celebrated for taking action using agility, courage, and trust to find solutions that benefit the business or greater good. We’re a team of changemakers who are curious, challenge the status quo, and take risks that will help drive us forward. Our focus is not only on nourishing our customers, but also on enriching you. We know that empowerment leads to strong employee engagement, a great work culture, and motivated employees.
What To Expect
We are seeking a skilled and experienced Security & Compliance Manager to join our dynamic team. The ideal candidate will be responsible for overseeing and ensuring the integrity, confidentiality, and availability of our information security management system (ISMS). This role involves developing, implementing, and maintaining security policies and compliance frameworks to ensure the protection of information assets and adherence to relevant regulations and standards. The manager will work closely with various stakeholders to promote a culture of security and compliance throughout the business unit. This position is an existing vacancy.
A day in the life of a Security & Compliance Manager:
Governance, Risk & Compliance
- Develop, maintain, and enforce information security policies, standards, and procedures aligned with regulatory and industry frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, GDPR).
- Regularly review and update procedures and controls to ensure ongoing compliance with Nestlé Global Standards and local regulatory requirements.
- Conduct risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies.
- Collaborate with cross-functional teams to ensure security policies are integrated into all business processes.
- Collaborate with business stakeholders to identify required security controls, and ensure that risk assessments are conducted and controls have been implemented prior to transitioning technology platforms to the unit’s environment.
- Oversee vendor and third-party risk management, including due diligence, ongoing assessments, and contract security requirements.
Compliance and Audit Management
- Ensure the unit meets all relevant legal, regulatory, and contractual obligations related to information security and participate actively in vendor management.
- Guide the unit through, support, and manage internal and external audits, including ISO/IEC 27001 certification and surveillance audits.
- Develop and maintain documentation required for compliance audits and certifications.
- Coordinate with internal and external auditors and facilitate the audit process, addressing any findings or non-conformities.
Security Awareness and Training
- Support the delivery of training programs to educate employees on information security policies, procedures, and best practices.
- Promote a culture of security awareness within the functional unit.
- Support regular security awareness campaigns and workshops.
- Provide regular reporting to senior leadership on risk posture, compliance status, and key metrics.
Role Requirements
- Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent experience).
- Minimum of 5+ years of experience in information technology or a combination of risk management, compliance, information security, and IT jobs.
- Understanding of ISO/IEC 27001, NIST Cybersecurity Framework and other relevant standards and regulations.
- Experience with risk assessment and management, process and control implementation.
- Strong communication and interpersonal skills to convey requirements effectively, foster consensus, and cultivate relationships with stakeholders across the organization.
Preferred Skills
- Relevant certifications such as ISO/IEC 27001 Lead Implementer/Auditor and/or CRISC are highly desirable.
- In-depth knowledge of information security principles, practices, and technologies.
- Strong analytical and problem-solving skills.
- Strong sense of curiosity, a proactive approach, and a proven ability to take initiative.
- Ability to work independently and as part of a team.
- High attention to detail and organizational skills.
- Proven ability to manage multiple initiatives and deadlines effectively.
- Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance.
What You Need To Know
We will be considering applicants as they apply, so please don’t delay in submitting your application.
Nestlé Canada is an equal-opportunity employer committed to diversity, equity, inclusion, and accessibility. We welcome qualified applicants to bring their diverse and unique experiences as a result of their education, perspectives, culture, ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veteran’s status, colour, religion, disability, sexual orientation and beliefs.
If you are selected to participate in the recruitment process, please inform Human Resources of any accommodations you may require. Nestlé will work with you in an effort to ensure that you are able to fully participate in the process.
About Nestlé
As the world’s largest food and beverage company we are driven by a simple aim: unlocking the power of food to enhance quality of life for everyone, today and for generations to come. To deliver on this, we serve with passion, with a spirit of excellence, offering products and services for all stages of life, every moment of the day, helping people care for themselves and their families. Our culture is based on our values rooted in respect: respect for ourselves, respect for others, respect for diversity and respect for the future.
We can trace our origin back to 1866, when the first European condensed milk factory was opened in Cham, Switzerland, by the Anglo-Swiss Condensed Milk Company. One year later, Henri Nestlé, a trained pharmacist, launched one of the world’s first prepared infant cereals ‘Farine lactée’ in Vevey, Switzerland.
Today, we employ around 273,000 people and have factories or operations in almost every country in the world. With our headquarters still based in the Swiss town of Vevey, we had sales of CHF 84.3 billion in 2020.
Our portfolio covers almost every food and beverage category – offering products and services for all stages of life, every moment of the day, helping people care for themselves and their families.
House rules: https://nes.tl/HouseRules