PepsiCo, Inc.
Published: September 3, 2021
Location: Plano, Texas

Description

Job Description: At PepsiCo, it takes a global team to solve some of the most complex problems. And our InfoSec group is no exception! From Plano to Poland - we have a collaborative team comprised of two structures, a Center of Excellence, and a Consultancy, that are consistently innovating and supporting one another across borders. Influencing and driving our security agenda is no small task, and we recognize the everyday contributions our talented security professionals make.

Security Technical Risk Lead:

The Security Technical Risk Lead is responsible for information security risk and technical security analysis within the sector/functional area.  This role will provide the technical capability to the organization and will partner with the Compliance and Integration Leads.

In this role you will:

  • Be the primary technical security contact within the region/functional area for security risk analysis, gap identification, and mitigation/remediation activities
  • Assist Attack Surface Management and Global Digital Connections teams when working with third parties locally on website/mobile security remediation
  • Manage, escalate, and provide appropriate, informed recommendations on security gaps/opportunities within the region/functional area to team members
  • Engage with key stakeholders to ensure that processes and initiatives operate within the documented security org framework, monitor security policy/standards compliance, and ensure Information Security strategy is understood and communicated
  • Act as the technical subject matter expert on all security initiatives, leverage existing global security technology and products to solve problems, and assist the global project teams with testing, deployment, and execution of new initiatives (e.g. pilots, POCs, other) within the sector/functional area
  • Interface with the BRM/CIO organization and the InfoSec Engineering Solutions Architects to deliver secure business solutions
  • Support model design and drafting of documentation/runbooks for new security services in collaboration with (for example) Security Solutions, Engineering and Architecture teams
  • Identify stakeholder resistance and barriers and tighten the cohesion between business and Information Security
  • Work with all members of the Information Security sector and global functions organization to understand the security impact of complex technical issues (i.e., vulnerability remediation, incident response, new project/program capabilities)
  • Analyze and research sector/functional area security operational metrics to understand causality and differentiating factors in consultation with InfoSec, SDMs, and Operations to drive strategy and approach to the prioritization and mitigation of risk
  • Develop and implement strategies for engaging business functions on information security technical matters and gain buy-in
  • Build technical FAQs and other communications resources on Information Security programs, initiatives, capabilities and risk in consultation/collaboration with SMEs and functional capability owners
  • Support vulnerability mitigation and remediation plan development
  • Act as a trusted advisor in the exception risk management process, including articulating risk and vulnerability information, determining mitigating controls, and assisting in remediation plan development
  • Participate in educating business functions on Information Security services and processes
  • Participate in and provide guidance specific to the Incident After Action Engagement Program and post-incident activities
  • Provide feedback on security requirements during planning cycles
  • Collaborate with and support OT and Third-Party Security Risk Management team on assessments, issues, and remediation

Qualifications / Requirements:

  • Bachelor’s degree required

Experience:

  • 7+ years as IT Security Architect/Engineer or similar experience
  • Experience with security architecture, application risk analysis, vulnerability management, data classification, CIS Top 20 Critical Controls
  • CISM, CISSP, GIAC certifications preferred
  • Well versed in NIST Cybersecurity Framework
  • Ability to translate highly technical information into plain language
  • Strong understanding of both IT and Information Security goals and objectives
  • Experience working in a team-oriented, collaborative environment
  • Ability to manage multiple priorities and work across multiple organizations and teams
