3rd Party Cyber Security Compliance Specialist
Our Information Security Group at PepsiCo is looking for cyber security professionals to join our very exciting journey to manage cyber security risks for PepsiCo and all our partners around the world, including manufacturing plants. The Global 3rd Party Cyber Security Compliance Associate Specialist will be responsible for assessing information (cyber) security to determine functional and technical risks related to the use, processing, storage and transmission of information to and from those 3rd party entities that impact PepsiCo globally, as well as our manufacturing plants.
The key responsibilities of the role are as follows:
- Own 3rd party reviews (functional/technical) throughout the entire assessment life cycle.
- Conduct information security risk and vulnerability assessments (functional/technical) of 3rd party (including manufacturing plants) to identify vulnerabilities, risks, and protection needs in order to generate a risk rating and potential functional and technical mitigations.
- Apply technical expertise to drill deep down into a wide variety of technologies/architectures utilized by 3rd parties to understand impacts/risks to PepsiCo.
- Determine information security requirements/leading practices for new technical/functional areas of assessments.
- Assess 3rd party information security risk posture (functional/technical) to ensure compliance with PepsiCo guidelines and industry leading practices.
- Present findings (functional/technical) to various stakeholders and levels throughout the organization.
- Partner with third parties to suggest/recommend potential mitigation solutions for risk areas.
- Perform 3rd party site visits to perform thorough assessments.
Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the functional and technical skills and competencies necessary to be highly-effective in the role. These skills and competencies include:
- 3rd party assessment skills to evaluation functional and technical capabilities.
- In depth technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security.
- Comprehensive technical and functional understanding of various security solutions, technologies and industry-leading practices.
- Strong verbal and written communication skills that positively impact relationships with key businesses’ and 3rd parties’ stakeholders.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Strong ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication.
- Effective ability to identify and assess the severity and potential impact of risks, and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Bachelor's degree
- Master's degree preferable.
- 3+ years of experience in Cyber (Information) Security including Architecture.
- 3+ year of experience in 3rd Party information security risk compliance and/or governance.
- 3+ years of technical experience across various technologies and architectures including web, networks, infrastructure, manufacturing equipment, mobility, computer applications, and information security.
- At least one of the following certifications is highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM).
Job Type: Regular
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity
For San Francisco Bay Area: Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance.
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy
Please view our Pay Transparency Statement