Enterprise Security Architect for Access Management

Job Description

Auto req ID: 164247BR

The Enterprise Security Architect for Access Strategy and Compliance role within Information Security will conduct access assessments, create and communicate strategy, develop and align tactical plans/programs, and create and monitor the compliance and efficacy of the program. The role will draw on industry standards, best practices, PepsiCo’s Global Policy and Control Standards, and any other key relevant information. The program’s deliverables include conducting enterprise-wide, cross-functional/sector information security access risk assessments for compliance against PepsiCo’s Information Security policies and standards, driving/influencing change across the enterprise, developing control solutions to mitigate risk and monitor compliance, and presenting findings across leadership levels in the organization. Additionally, this role will collaborate across Information Security, Information Technology, IT Controls and business stakeholders to coordinate response and remediation of issues related to information security access management.

The following are key role expectations:

  1. Own enterprise information security access management, compliance and reporting across all levels in the organization
  2. Create and implement an information security access services vision, strategy, plan and processes for a comprehensive enterprise information security compliance framework that assesses and monitors compliance to information security policy/standards
  3. Report information security non-compliance to appropriate IT leadership at all levels in the organization to drive compliance, and utilize the risk management process when appropriate
  4. Drive implementation of information security controls across the operating model globally, including internal teams/processes and outside service providers
  5. Define, coordinate, and implement projects and/or mechanisms that drive consistency and maturity of the information security access management and control program across the organization while utilizing the BISO network
  6. Create enterprise scorecards, metrics, and reporting capabilities to evaluate corporate/sector compliance while collaborating with the global information security group analytics and insights team to identify potential trends, themes, or other relevant insights
  7. Conduct independent assessment of the information security access compliance and controls
  8. Collaborate with information security coordinators to ensure SOX and other key controls are established and maintained effectively
  9. Collaborate as a member of the information security policy/standards review committee to influence policy and standards
  10. Partner with the Information Security governance organization on tracking and governance of audit findings related to global information security access management. Ensure findings are remediated in a timely manner, scorecard them and perform trend analysis
  11. Proactively communicate with working teams assigned to global audit findings from internal or external audit teams to influence progress, understand status of remediation and highlight risks and delays to IT controls management
  12. Provide management reporting, analysis and communication of issues, progress and accomplishments including coordination/conducting periodic operating, steering committee and leadership meetings
  13. Develop suggestions for remediation alternatives and mitigating controls when remediation activities fall off-track. Prepare ad-hoc summaries of outstanding risk and considerations for leadership
  14. Act as liaison for information security related access management compliance
  15. Perform process walk-through sessions for all access sub-processes to identify all potential risk points, supporting operational activities and formal compliance and controls
  16. Document end-to-end access sub-process risk and compliance maps complete with enhancement recommendations
  17. Consult with key stakeholders on miscellaneous discussions related to access and compliance enhancement opportunities



  • Bachelor's or Advanced degree
  • Relevant certification (e.g., CISA, CISSP, CISM, et al.) preferred.

  • 5+ years of experience as a Security Architect
  • 10+ years’ experience in Information Security Access Management with Strategy and Compliance/Controls/Governance
  • Experience in risk assessments, strategy, compliance, governance, remediation, status reporting across all levels in the organization

Knowledge Base:
  • In-depth understanding of the key principles behind PepsiCo’s Policies and Standards, PepsiCo’s Global Control Standard (GCS), NIST, SOX, COSO, and COBIT for application of those principles to business process
  • In-depth knowledge of Information Security Access Management, Risk Assessment methodologies and execution, and Compliance
  • Strong understanding of IT concepts (logical access, network, information security)
  • Strong understanding of business processes, risks and related controls, governance and compliance
  • Ability to self-define strategy and develop plans to deliver results within an ambiguous/undefined environment
  • Self-starter who demonstrates leadership skills and thought leadership across Access Management
  • Ability to analyze and document system processes
  • Ability to manage multiple competing priorities and work across multiple organizations, sectors and teams
  • Excellent interpersonal, verbal, and written communication and presentation skills
  • Proficient in Microsoft Excel, PowerPoint and Visio
  • Ability to lead/direct associates (internal and vendor) with and without managerial authority
  • Ability to create executive-level presentations and correspondence

Relocation Eligible: Eligible for Limited Relocation
Job Type: Regular

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

For San Francisco Bay Area: Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents.

Please view our Pay Transparency Statement