The PepsiCo Information Security Group is looking for cyber/ information security professionals to join our exciting journey to help manage cyber security risks for PepsiCo. The Global 3rd Party Cyber Security Risk and Compliance Specialist will be responsible for assessing information (cyber) security to determine functional and technical risks related to the use, processing, storage, access, and transmission of information to and from those 3rd party entities that impact PepsiCo globally.
The role of the Information Security Risk and Compliance Specialist will implement full life cycle compliance and governance framework for 3rd parties. This position will also conduct on-site assessments as needed. This role is a blend of functional, business, and cyber technical skills that enable a deep dive into the solution architecture to verify 3rd parties' information security capabilities.
- Own 3rd party reviews (functional/technical) throughout the entire information security assessment life cycle.
- Conduct information security risk and vulnerability assessments (functional/technical) of 3rd parties to identify vulnerabilities, risks, and protection needs in order to generate a risk rating and potential functional and technical mitigations.
- Apply technical expertise to drill deep down into a wide variety of technologies/architectures utilized by 3rd parties to understand impacts/risks to PepsiCo.
- Determine information security requirements/leading practices for new technical/functional areas of assessments.
- Assess 3rd party information security risk posture to ensure compliance with PepsiCo guidelines and industry leading practices.
- Present findings (functional/technical) to various stakeholders and levels throughout the organization.
- Partner with third parties to suggest/recommend potential mitigation solutions for risk areas and track them to resolution.
- Facilitate alignment across diverse parties and business units.
- Perform 3rd party onsite assessments as required.
- Support our Procurement and Legal teams to ensure contracts contain required Information Security language.
- Contribute to development and reporting of metrics, and mentor other team members.
- Bachelor's degree, master's degree preferable.
- Minimum of 3 years of experience in Cyber (Information) Security.
- 3+ years of experience in 3rd Party compliance and/or governance.
- 3+ years of technical experience across various technologies and architectures including web, networks, infrastructure, mobility, computer applications, and information security.
- Certified Information Systems Security Professional (CISSP) or similar certifications.
- 3+ years of experience in an IT Audit, Enterprise Risk Management (ERM), or Information Security Risk Assessment role.
- 3+ years of experience with legal / regulatory compliance and information security management frameworks (e.g., IS0 27000/27001, COBIT, NIST 800, etc.).
- 1+ years direct technical experience with one or more security-related regulatory or industry standards (HIPAA/HITECH, SOx, PCI-DSS, etc.).
- Advance Microsoft Excel spreadsheet skills.
- Experience working with GRC (Governance, Risk, and Compliance) tools such as RSA Archer.
Not Eligible for Relocation