Technology Specialist - Security & Tech Compliance

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

This role is part of the Digital & Technology department of HEINEKEN International and is located in the Heineken Global Shared Service hub. D&T is proud to bring cutting-edge innovation, strong technology and advanced analytics to HEINEKEN. With speed and agility, we ensure HEINEKEN has the technological competitive advantages it needs to deliver on its ambitions.

The Technology Specialist – Security & Compliance is part of the D&T Connected Supply Chain team acts as a key liaison with Global Information Security, Privacy, and Legal teams to ensure that HEINEKEN’s technology risks are properly managed across Information Security, Data Privacy, and AI domains, and that information assets and platforms are secured in line with HEINEKEN standards.

This role also supports Supply Chain Digital Innovation initiatives by enabling the secure and compliant adoption of current and new technologies (e.g., AI, advanced analytics, IoT solutions), ensuring that risks are assessed, understood, and managed across experiment, validate, and scale phases. In addition, the role contributes to portfolio-level risk governance by providing visibility on risk posture, supporting decision-making, and ensuring alignment between Product Teams and Global Security, Privacy, and AI governance frameworks.

The Technology Specialist – Security & Tech Compliance reports into the D&T Lead – Security & Tech Compliance, leading & coordinating “Security by Design” to all Supply Chain related technologies / platforms. This role is a Champion of the security foundations built by the Global Information Security teams, that include Cyber Defence Operations (CDO), Security Competence Centre (SCC) and Security Chapters (ERP, Applications, Enterprise Architecture, Data Privacy, etc) to design, implement, monitor, respond and assist with recovery activities against cyberattacks. This role is crucial to help deliver deep security and risk management expertise to enable Supply Chain Product Teams to form a proper 1st Line of Defense by building the right capabilities into their products (Security by Design) and support them.

The Technology Specialist – Security & Tech Compliance will support D&T SC Product Teams to complete Information Security, Data Privacy and AI Assessments, platform specific technology security reviews, and implement secure asset specific configuration and effective control execution. In addition, this role helps to embed security at product level, during the product refinement sessions and by facilitating technical deep dive sessions to provide general or hands-on technical security guidance during implementation where applicable.

Your Responsibilities Would Include

• Driving the Security by Design methodology by supporting Product teams with building “secure products by design”, limiting or eliminating security debt
  
  

 Acting as a focal point between Global Information Security Product Teams and business Product Teams for all operational security-related activities

 Acting as a liaison with Privacy Officers and Legal Counsel to ensure alignment on data protection, AI governance, and regulatory requirements where applicable

 Driving the D&T Security Definition of Done implementations for all solutions in the scope of my Product Teams

 Establishing, maintaining and overseeing effective working relationships for HEINEKEN Product team specialists, external partners and Third-Party Teams providing security support on the account

 Serving as a dedicated focal point for managing Security Incidents that occur in the different solutions in my Product Team, steering the dedicated technical specialist on how to resolve issues

 Identifying security, privacy, and AI risk impacts on backlog items with the Product Owner & Product Architect

 Actively engaging with DevOps teams by facilitating technical deep dive sessions and participating in backlog refinement sessions to provide tangible security, privacy, and AI requirements

 Striving for continuous improvement and automation within the agreed way of working

• Implementing global security strategies to maintain the continuity of systems and update Product teams accordingly
  
  

 Responsibility for managing updates to and from Product Teams regarding all security-related activities and requirements, and to embed the required discipline and culture in WoW

 Performing risk reviews (Information Security, Data Privacy, and AI, where applicable) using the risk management procedure for all new programs/services to be deployed in the overall D&T SC operational environment, and advise and escalate non-compliant solutions through appropriate governance channels

• Managing and improving the Security & Tech Compliance Action Plan to address identified risks and non-compliances within D&T SC
  
  

 Driving the necessary actions to improve the Security & Tech Compliance scores across D&T SC for current applications

 Creating and maintain reports and dashboards on application risk assessments, including status, outcomes, remediation plans, and actions

 Providing risk insights to support decision-making in portfolio and governance forums

 Ensuring visibility and transparency of risk posture across products and initiatives (e.g., SIEM Score, Confidentiality, Integrity, Availability), including identification of critical applications, required remediation actions, and assessment/reassessment timelines

 Analysing and challenging derogation requests regarding the Information Security Procedure and Topic Security Procedures that a Product could have with a new solution or system, and communicating to the Global Information Security Team and Design Authority for approval in order to protect the HEINEKEN security environment

• Driving resolution of cyber security incident responses and addressing security vulnerabilities
  
  

 Identifying and performing independent analysis to resolve complex first-time issues, including the analysis of technical and economic feasibility of proposed security systems/ solutions. He/she is also responsible for assisting specific Product/Program, infrastructure or service that a 3rd Party offers to HEINEKEN with a valid and open contract to ensure that security policies are in place

• Support Supply Chain Digital Innovation initiatives where required (digital experiments and digital supplier solutions) to ensure secure and compliant adoption of new technologies
  
  

 Guide and perform Security, Privacy, and AI assessments across innovation initiatives

 Support teams in understanding assessment outcomes and implementing recommended actions

 Continuously evaluate and manage risks across experiment, validate, and scale phases

You Are a Good Candidate If You Have

• 5+ years of working as an engineer in the cybersecurity field and previous experience working as a security engineer or security officer
• Hands-on experience with working with Agile teams or DevOps teams to embed security in their product by design, Security by Design
• Hands-on experience with securing cloud platforms like Azure, AWS, Google Cloud, Salesforce, etc
• Has worked with relevant market standards such as NIST, ISO 27001, COBIT and relevant laws and regulations such as privacy laws
• Experience in handling security incidents
• Proven ability to dynamically assess risks, threats & threat actors
• Able to work in a cross-functional environment
• Sense of Business Urgency and a safe-cautious mind to close critical gaps and reduce any security breach
• Ability to explain complex technical processes to business stakeholders
• Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change, without losing sight of security deliverables
• Ability to work and team with a multitude of different people and different cultures (as appropriate)
• Display professionalism, customer service attitude, attention to detail and quality
• Possess minimum interpersonal skills, relationship management and negotiation skills, strong verbal, and written communication skills
• Relevant certifications in the field of Security: e.g. CISSP / CCSP / CISM / OSCP / OSCE / OSEE / GPEN / GXPN
• Relevant certifications/ training in the field of: Agile / DevOps / Scrum Master / Product Owner / Agile Foundation / Agile Champion / Agile Coach.