Security Compliance, Assurance and Reporting Specialist

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

The goal of the Security Compliance, Assurance and Reporting (SCAR) Product Team is to assist central D&T Product Teams and Asset Owners in establishing the Security Control Framework, assessing its operational effectiveness, and reporting on its Compliance threshold.

The SCAR Security Specialist is responsible for the management and implementation of the global Cyber Security Strategy based on the NIST Cyber Security Framework, to reduce the risk of a Cybersecurity incident according to the risk appetite of HEINEKEN and the OpCo, as well as to raise wider OpCo Cybersecurity awareness.

Your responsibilities would include:

• supporting Central D&T Product Teams and Asset Owners with the design, implementation, and assessment of the Risk and Control Matrix (RACM)
• rationalising and streamlining the HEINEKEN Control Framework Implementation, Testing, Compliance, and Reporting
• helping OpCos and D&T Functional Domains to tailor the existing RACM as per their needs (Make it fit for purpose)
• creating a central repository of RACMs that can be reused (share and re-apply)
• periodic execution of the Information Security Maturity Assessment (ISMA) (OneTrust) on the RACMs
• aligning RACM and HeiRule Control Self Assessment (CSA) Compliance Reporting
• compliance activities (HeiRule CSA)
• maintaining dashboards for continuous monitoring
• driving useful and timely 3rd-party reporting
• centralising the Cyber Security KPIs Reporting
• working closely together with the Global Information Security MT, OpCo Cyber Security Officers and external partners
• utilising the Agile Ways of Working Methodology and maintaining workloads in JIRA.

You are a good candidate if you have:

• 5+ years of working in the cybersecurity field and previous experience working as a cybersecurity officer or manager
• experience with relevant market standards such as NIST, ISO 27001, COBIT and relevant laws and regulations such as privacy laws
• experience in a cross-functional environment; preferably a background in the FMCG industry
• ability to explain complex technical processes to business stakeholders
• flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
• strong interpersonal skills, relationship management and negotiation skills, strong verbal and written communication skills
• experience developing self and others through continuous learning, sharing best practices, knowledge, and expertise
• excellent management and leadership skills.
• knowledge of Agile Ways of Working Methodology (JIRA / Kanban / Sprints, etc).

At HEINEKEN Kraków, we take integrity and ethical conduct seriously. If someone has concerns about a possible violation of legal regulations indicated in Polish Whistleblowing Act or our Code of Business Conduct, we encourage them to speak up. Cases can be reported to global team or locally (in line with the local HGSS Whistleblowing procedure) by selecting proper option in this tool or by communicating it on hotline.

We Offer: