SENIOR PROFESSIONAL, IT SECURITY RISK AND COMPLIANCE

Senior Prof, IT Security Risk and Compliance, All CCEP Locations Job purpose Be part of the Information Security Risk and Compliance team, to manage Information and Cyber Security risks through effective identification, assessment, decisioning, mitigation treatment via control implementation, and active monitoring through measurement, reporting and assurance activities.
This position works with stakeholders across all of CCEP, in all business units, countries, departments, BPT and the wider Information Security teams to ensure compliance to risk and controls design, defined by regulation, local law and CCEP.
Working with stakeholders and control owners on driving performance, continuous improvement and maturity.
Driving process and governance improvements within and outside the team that will help strengthen our ISRC landscape.
Maintaining security policy governance and lifecycle, executing an effective end to end Information Security program while supporting internal and external audits from evidence submission through to finding remediation.
What will be expected of you (Aspiring) Subject Matter Expert for InfoSec Risk and Compliance related topics (e.
.
NIST, NIS2); Maintain ISRC framework and compliance performance through GRC dashboarding; Provide consultancy and technical expertise on risk mitigation and control maturity activities; Produce Management reporting on Information Security Risk and Control Performance Indicators; Facilitate the Information Security Policy and Standards annual review cycles and policy exceptions and exemptions management; Deliver Information Security risk assessments at the corporate- and local levels.
Including.
assessment facilitation, report creation of risk decisioning, mitigation planning and action tracking, maintain all evidences and progress updates on the InfoSec risk register; Perform periodic self-assessment of risk and controls, health checks, scoring, mitigation, and continuous improvement; Work collaboratively with the independent assurance functions - Internal and External Auditors.
Support and facilitate audit evidence collection and secure storage Provide tracking and management reporting of all Audit findings Manage InfoSec control compliance attestation, working with the control owners providing 2nd Line of Defence oversight; Build a strong network with key stakeholders such as.
Enterprise Risk Management, Business Continuity & Resilience Team, Corporate Security, Finance Internal Controls Team, Internal Audit; Qualifications required Bachelor's degree in Computer Science, Management of Information Systems, Business, or related field 2+ years of IT experience with 2+ years of Information Security experience or similar English.
proficiency (must) Desirable.
Qualification in Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar; Experience required Strong communication skills both verbal and written with demonstrated effective team working in a multi-cultural international environment Working collaboratively with Internal- and External auditors Information Risk Management methodology and tools Implementing a Security control frameworks such as ISO , NIST or similar Demonstrated track record of success in delivering projects/audits with budgetary constraints Process design and implementation skills, and mindset of continuous improvement to support the achievement of organisational goals and strategies Good analytical and planning skills combined with independent, goal- and process-oriented way of working Managing and maintaining Information Security and Risk & Compliance governance structure; Proven experience in navigating complex organizations with creative problem solving Experience in the consumer product market, beverage industry or logistics Technical skills required Knowledge of regulatory environments applicable to US publicly traded companies (SOX), Information Security, data privacy regulations and NIS2; Knowledge of Salesforce platform and specific Salesforce auditing standards, requirements or characteristics; Knowledge of Information Security Management Systems and Security Control Frameworks; Ability to implement ServiceNow GRC workflows across the organization; Behavioural competencies High communication skills using assertiveness and negotiation skills within a multi-cultural international organisation; Ability to work independently within a remote team; Conscientiousness, analytical and creative in thought and action; Ability to quickly adopt to situations and learn new competencies; Passion for collaborating with customers, partners, and co-workers to achieve successful outcomes; Advocate for change - challenge the status quo with proposed and improved solutions;