Do you want to be part of one of the most important food and beverage companies in the world?
PepsiCo is a global leader in foods and beverages with a portfolio of 22 global brands that generate more than one billion dollars per year. Today we are looking for our next:
Mexico Security Integration Lead
The Security Integration Lead is responsible for information security risk and management processes within PepsiCo Mexico Foods and PepsiCo Brasil Foods, including but not limited to security risk and exception analysis, information security work intake processes, support for cyber security awareness initiatives, collaboration on development of remediation plans, and data protection activities. The role also ensures that security incident management and processes are given appropriate focus, assists with escalations, and ensures they are handled expeditiously as per defined SLAs.
- The Security Integration Lead is responsible for Policy & Standards enforcement within the regions. Act as the primary contact within their region for security work intakes, business demand and collecting local regulatory requirements.
- Act as a primary contact for data protection program within the region, ensure all current/legacy systems are mapped and required controls are identified and ensure a plan is developed to remediate control deficiencies identified.
- This role will drive analysis and remediation of security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.
- This role supports the Sector Patching Coordinator on remediation activities within the regions and ensures that the downtime required to meet remediation requirements is arranged. Also responsible for working with the Third Party locally on website security remediation.
- Guarantee there is an operational support model to provide next level support for regions to all security systems and their corresponding or associated software, tools or applications.
- Assess security level within the regions and report status to Sector BISO
- Collaborate with HCL and Compute teams to ensure required non-SOX (MMSF included) evidence is ready and effective to cover Security non-SOX controls.
- Conduct and manage investigations and requirements from Audit / Legal / HR in the regions as needed.
- Engage with key stakeholders to ensure that processes and initiatives operate within the documented security org framework, monitor security policy/standards compliance, and ensure InfoSec strategy is understood and communicated
- Support and track sector based security exception process and remediation
- Review and sign-off on ISSR completion
- Partner with Manufacturing OT and IT team for InfoSec engagement activities and partner awareness
- Identify Stakeholder resistance and barriers and tighten the cohesion between business and infosec
- Represent BISO team through security awareness and presentations
- Engages with BRM and Project owners throughout the project lifecycle as oversight and monitoring for ISSR service delivery and process management
- Perform sector risk and user impact for cybersecurity related projects and coordinate comms related tasks (translation, training, support, request for change, support model, etc)
- Assist on the delivery of Cyber Security program initiatives within the regions through InfoSec PMO and Compliance Lead alignment to manage sector security initiatives
- Support of vulnerability remediation plan development and owner identification (e.g., manufacturing security assessments, security exceptions)
- Leading exception risk management through exception initiation, stakeholder identification, compliance gaps, remediation plan recommendations, potential solutions and sign-off activities
- Oversees and tracks successful implementation of agreed to Exceptions' remediation plans and timelines
- Develop and implement strategies for engaging business functions on information security matters and gain buy-in
- Responsible for educating business functions on InfoSec services and processes
- Partners and supports Security Awareness Training team and local HR teams to meet security awareness training targets
- Perform local security awareness initiatives such as clean desk exercise to reinforce and promote security standards compliance
- Supports IR in driving awareness and remediation of security compliance related incidents locally to include engagement of appropriate stakeholders
- Support Data Protection Evaluation and Recertification program through BRM engagement and coordination of activities
- Provide feedback on security requirements (by data class) during AOP
- Assist Security Assurance and project teams in security requirements' funding estimates for CAPEX/Projects
- Collaborate with and support Third Party Security Risk Management team on assessments, issues, escalations and remediation
At PepsiCo, we are committed to offering equal development opportunities to all candidates, regardless of religion, race, sexual orientation, nationality, age, etc. We respect and appreciate diversity in the workforce and the innovation it brings to the organization.
If you have the profile we are looking for, send us your CV through this channel. If you are able to participate in this process we will contact you ASAP; if not, we will keep your information in our database for 6 months.
Thank you so much for your interest in PepsiCo!
Experience and profile
- Bachelor’s degree required.
- 6 – 8 years of related IT Security business work experience.
- CISM, CISSP certifications are desirable.
- Knowledge of processes (ITIL); V3 certification is desirable.
- Knowledge of Project Management methodologies (SDLC).
- English, written/spoken: 90%.
Job Type: Indefinite term