At PepsiCo it takes a global team to solve some of the most complex problems. And our InfoSec group is no exception! From Plano to Poland - we have a collaborative team comprised of two structures, a Center of Excellence, and a Consultancy, that are consistently innovating and supporting one another across borders. Influencing and driving our security agenda is no small task, and recognize the everyday contributions our talented security professionals make.
The Policy and Standards Specialist be focused on ensuring the Information Security Policy and Standards within PepsiCo are kept up to date, are accessible to all associates, and provide guidance on interpretation. The role will facilitate the annual review cycle and overall change management of policy and standards. They will be responsible for facilitating the creation of security technical standards and guidelines, ensuring consistency across documents in both content and style. They will partner with legal to review upcoming legislation and regulations and perform gap analysis against the current standards set. This role will also be the lead contact for the GRC tool policy and standard module.
- Lead development and maintenance of Information Security Policies and Standards
- Expert in PepsiCo Information Security Policy and Standards and understanding of any global deviations to the standards
- Expert in alignment of policy and standards with the NIST Cybersecurity Framework
- Expert in alignment of policy and standards to PepsiCo Information Security controls
- Within the Information Security Standards:
- Identify and recommend Security Standards that need to be altered or documented
- Develop/Maintain metrics on standards to allow aggregated risk to be measured
- Work with Exceptions team to identify exception patterns and recommend adjustments to standards as needed to create efficiencies within process
- Evaluate requests for standards and supporting documents and be able to provide recommendation and justification, to Sr. Manager and Director
- Ability to gain alignment with across teams on changes and additions to standards
- Ability to influence and inform PepsiCo Leadership (up to the VP level) on the impact of the policy or standard request to the organizational security posture.
- Bachelor's degree in Cyber Security, Computer Information Systems, Computer Science, or other STEM equivalent required.
- CISSP or CISM certification a plus
- 5 years of experience working in the Risk and Compliance area
- 2+ years experience developing content aligned to the NIST Cybersecurity Framework
- Strong technical writing background
- Experience working in a global environment
- Self-starter who demonstrates leadership skills and takes initiative
- Ability to manage multiple priorities and work across multiple organizations, sectors and teams
- Strong communication skills and ability to interact effectively with teams throughout the world
- Excellent verbal and written communication skills
- Willing/"can do" attitude and consensus builder
Job Type: Regular
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity
Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy
Please view our Pay Transparency Statement