Nestléa global benchmark in the food sector, symbolizes the challenge of managing cybersecurity and compliance in large-scale and complex IT environments. Its operational scope – more than 270,000 employees, 350 factories and presence in 185 countries – requires global standards and a digital strategy where the protection of assets, data and iconic brands is critical to guarantee trust and business continuity.
In this interview, Eugenio Marinhead of operations in one of the global IT departments (Security & Compliance), details how Nestlé addresses comprehensive defense against emerging risks, integrates technological innovation and Artificial Intelligence into its key processes, and promotes a transversal security culture. Eugenio Marin explains the central role of risk management, the new ethical horizons for AI and why the digital resilience of the future depends as much on technology as it does on people.
(MCPRO) From your position as head of operations at Security & Compliance, how do you define the strategic role that this department plays within Nestlé’s digital transformation?
(Eugenio Marin) Firstly, what is truly strategic is that a company like Nestlé, with a presence in 185 countries, with more than 270,000 employees and around 350 factories, has an IT Security and Compliance department that operates on a global scale. This team is made up of highly specialized professionals in risk management and cybersecurity, and has advanced technologies that allow the company’s digital assets and processes to be protected. Their work not only ensures operational security and protects our digital assets, but also enables Nestlé’s digital transformation in a safe, ethical and sustainable way.
Regarding my position as head of operations for IT Security and Compliance products, I contribute to the formulation of the global technology strategy and coordinate its execution through the definition of objectives, the active management of the project portfolio, financial coordination, talent management and, above all, the support of transversal initiatives that drive the evolution of our IT operating system so that it remains relevant now and in the future.
(MCPRO) What are the main challenges when it comes to aligning the department’s governance action with the group’s strategic objectives, and how do you address them to maintain agility in such a changing environment?
(Eugenio Marin) It is important to distinguish between the operational routines that enable the continuous provision of cybersecurity and compliance services today and the selection of projects that make us more resilient and prepare us for the future. The main challenges are located on that border between the present and the future, where the business advances in a certain direction and at a certain pace, while technology (and cybercriminals) evolve along different paths, often faster and less predictable. This divergence forces us to anticipate, adapt and act with agility to protect the digital ecosystem without slowing down innovation. Therefore, having changing objectives, it is important to set innovation horizons (one year, three years), collaborate with other areas of the business where there may be knowledge synergies, and be agile in decision-making.
On the other hand, as responsible for guaranteeing technological Security and Compliance throughout the Nestlé group, we constantly promote a culture of risk management through our ISMS (Information Security Management System, in English) in which each department plays an active role in the identification, implementation and monitoring of controls. This transversal collaboration is key to strengthening the company’s digital resilience.
(MCPRO) Financial management, program portfolio and supplier management are key areas of your responsibility. What best practices do you apply to optimize resources and guarantee the successful delivery of projects?
(Eugenio Marin) The cornerstone of our way of working is risk management. We continually monitor the validity and evolution of each risk, identify new ones and question the validity and validity of our programs and projects. Therefore, coordination and communication across multiple organizational layers and the use of a common language are essential to succeed in our mission.
Our suppliers (which we call partners) are fundamental actors in our operations. They execute very important tasks for us and are in charge of activities that they can do better or in a more efficient and agile way.
(MCPRO) Regarding the portfolio of products, applications and services, how do you balance technological innovation with operational stability and regulatory compliance in critical environments such as Security and Compliance?
(Eugenio Marin) I reiterate the centrality of risk management because through that prism we evaluate the coherence of our technology stack in relation to the level of risk that our organization is willing to tolerate.
In a company with the scale of Nestlé, with more than 150 years of history and more than 2,000 brands, many with a great symbolic and emotional charge, safety and regulatory compliance cannot be treated as something secondary or at the end of the decision-making process. That is why from our department we federate bodies and teams that are present in all areas of the organization. We are attentive to regulatory changes and collaborate with the legal teams in all the countries in which we operate to work with the maximum respect for current regulations.
However, the first line of defense is the individual. We are talking in October, and this is “Cybersecurity Awareness Month” promoted by multiple international organizations such as ENISA (European Union Agency for Cybersecurity) since 2012. Throughout this month we deploy familiarization and education campaigns that reach our employees around the world to equip them with knowledge and tools that allow them to be alert and help us reduce our risks.
(MCPRO) How is Nestlé incorporating Artificial Intelligence into security and compliance management, and what benefits have you obtained? Has the use of AI optimized operational management and facilitated more agile decision-making in your department?
(Eugenio Marin) Our department has been one of the pioneers in the use of AI in the Nestlé group. It must be taken into account that unlike other transactional processes, the creation of incidents, the identification of suspicions and the activation of cybersecurity alerts have always been increasing. Therefore here is a process that without AI would be uncontrollable. AI helps us categorize and manage these “tickets,” identify common causes, rule out false positives, and mine useful information for active monitoring of the security perimeter.
We have also developed chatbots that allow professionals to access quality information, validated by experts in various areas of knowledge, improving their productivity and reducing the risk of using unverified or irrelevant information.
(MCPRO) Looking to the future, what do you think will be the major technological or strategic trends that will shape IT operations management in multinational companies like Nestlé over the coming years?
(Eugenio Marin) In the coming years, IT operations management will be marked by intelligent automation and the orchestration of AI agents. This area is accelerating at a dizzying pace and I predict that operating and government systems will have to be adapted dynamically, forcing us to rethink old paradigms.
We will continue to refine the management, resilience and optimization of data in the cloud, addressing hybrid models adapted to business use cases. In terms of new technologies, advances in quantum cryptography will raise the level of demand for asset security and the digital resilience of organizations.
At a strategic level, companies will be required to link their AI roadmaps to responsible ethical principles. At Nestlé we apply responsible governance principles for AI based on transparency, fairness, privacy, security and responsibility. We have established working groups to ensure its correct functioning and we have specific guides for generative AI that guarantee ethical use, maximum data protection and regulatory compliance.
I see the future with optimism. Artificial Intelligence will be key to anticipating threats and reinforcing cybersecurity, creating a safer, more resilient and ethically responsible digital environment.
