Security Project Engagement Coordinator
The Project Coordinator Risk & Compliance Associate Analyst will be a liaison between the PepsiCo project teams and the Information Security teams throughout the project lifecycle.
The role will be responsible for scheduling and facilitating reviews of projects, helping capture deliverables throughout the project lifecycle, helping to identify risks and security requirements, validating project phase completion, and coordinating engagement between the various security teams as needed to assess compliance with the ISG standards and policies.
It will guide global project teams through the Information Security Work Intake processes. This role is a blend of functional, business, and some technical skills to validate the PLM project compliance.
The key responsibilities of the role are as follows:
- The role will be a liaison between global project teams and various Information Security teams.
- Schedule and facilitate project reviews to ensure the project progression and to capture security requirements.
- Drive information security practices and processes through the project lifecycle.
- The role will need to have a good understanding of the project lifecycle and the security requirements and standards so that they can advise projects on timing and execution.
- Determine security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and risk assessments, reviewing architecture/platform documentation.
- Act in an advisory role in application development processes with respect to security requirements, processes, standards, and policies.
- Partner with the project teams, Project Security Assurance Governance Leads, EAs, and security team Subject Matter Experts to complete a review of technical/functional documentation and identify business risks associated with policy exceptions.
- Advise as needed on Standards Exceptions to ensure non-compliance with standards has risk acceptance as needed.
- Monitor the GRC function’s SPA Mailbox.
- Creation of test cases, execution of test cases, and regression testing as related to the Archer application.
- Bachelor's degree in Cyber Security, Computer Information Systems, Computer Science, or other STEM equivalent required.
- 2+ years of IT experience preferably in Information IT, Security, IT Audit, Cyber Security or Forensics
- 2+ years of System Security, Audit and Controls, or Information Management, Application Security Controls experience
- 2+ years of technical experience across various technologies and architectures including web, networks, infrastructure, mobility, computer applications, and information security
- 2+ years direct technical experience with one or more security-related regulatory or industry standards (HIPAA/HITECH, SOx, PCI-DSS, etc.)
- Demonstrated understanding of information security risk frameworks/standards (ISO 27000/27001, COBIT, NIST 800, etc.)
- Professional Certification preferred: CISSP, CISA, CEH, CSSLP, CHFI, CCSP, GCIH, GCIA, PMP, ITIL v3, Six Sigma
- Experience working in a global environment, organized and detail oriented. Project Management or Project Coordinator background is a plus
- Ability to manage multiple priorities and work across multiple organizations, sectors and teams
- Strong communication skills and ability to interact effectively with direct managers, staff and vendors in both technical and business roles
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- Understanding of project lifecycle methodologies and deliverables
- In-depth technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, mobile devices, and information security
- Comprehensive technical and functional understanding of various security solutions, technologies and industry-leading practices
- Strong verbal and written communication skills that positively impact relationships with key stakeholders.
- Attention to detail with ability to work on several tasks simultaneously
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- At least one of the following certifications is highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT)
Job Type: Regular
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents.