Lead Controls & Compliance Specialist

Job Description

Auto req ID: 190473BR

Job Description

Imagine when YOUR “Creative Solutions” MEETS OUR Thirst for Innovation

At PepsiCo it takes a global team to solve some of the most complex problems. And our InfoSec group is no exception! From Plano to Poland - we have a collaborative team comprised of two structures, a Center of Excellence, and a Consultancy, that are consistently innovating and supporting one another across borders. Influencing and driving our security agenda is no small task, and recognize the everyday contributions our talented security professionals make.

PepsiCo Information Security is seeking a self-motivated, Lead Controls & Compliance Specialist, who will be responsible for leading the implementation and continued advancement of the integrated Information Security controls framework. This role is responsible for the development, sustainment, and testing of security controls for both Sarbanes-Oxley (SOX) and operational controls, in alignment with the PepsiCo IT Controls framework. The ideal candidate will apply a broad knowledge of IT and cyber security audit principles, practices, and procedures to lead the work of the team, as well as prepare well documented workpapers, effectively communicate findings and make recommendations.

The position is:

  • Responsible for leading the design, implementation, and sustainment of the enhanced Information Security controls framework and associated processes
  • Acts as a source of direction, training, and guidance for less experienced staff
  • Responsible for planning, execution, and completion of controls testing activities for Information Security SOX and operational controls
  • Responsible for documenting test steps, methodology, work performed and summarized test results
  • Responsible for the continued advancement of the Information Security controls framework through continual controls environment evaluation, relative to industry best practices and regulatory requirements, in alignment with the risk appetite and business requirements
  • Responsible for collaborating with various stakeholders across the organization in managing the lifecycle of a control, including new controls, modification to existing controls, or retirement of existing controls



  • Bachelor's degree in Audit, Cybersecurity, Information Assurance and Security, Information Technologies, or Accounting is preferred

  • 5+ years of professional experience working with controls – development and testing, preferred experience with Information Security or IT controls
  • 6+ years of experience with regulatory compliance, including information security management frameworks (e.g., SOX, NIST CSF, ISO2700x, COBIT, PCI, SANS Top 20 Critical Security Controls)
  • Proven experience designing, documenting, and implementing a control environment
  • Proven experience testing and assessing control operation and design effectiveness, including risk mitigation
  • Experience leading a team, where you may/may not have formal reporting responsibility
  • Experience presenting results to stakeholders, including having difficult discussions regarding findings
  • Must possess excellent oral and written communication skills

An ideal candidate is:
  • Able to understand information security risks
  • Able to effectively facilitate risk/control identification/analysis discussions
  • Able to build trust and effectively communicate
  • Ability to prioritize and respond to problems or issues, maintain flexibility, and adapt to changes in the business environment
  • Understands effective control and/or mitigation options to manage risks
  • Able to effectively handle challenging situations with customers, team members, and management
  • Able to present effectively using several reporting and presentation tools, such as Microsoft PowerPoint and RSA Archer

Relocation Eligible: Not Applicable
Job Type: Regular

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy

Please view our Pay Transparency Statement