Will consider applicants in the following locations: Plano, Chicago, Purchase (NY), and Winston-Salem, North Carolina
Our Information Security Group at PepsiCo is looking for cyber security professionals to join our very exciting journey to assess the cyber security risks at PepsiCo's manufacturing plants. The Manufacturing Cyber Security Risk and Compliance Senior Specialist will be responsible for assessing information (cyber) security to determine functional and technical risks related to the use, processing, storage and transmission of information to and from PepsiCo's manufacturing and distribution plants globally.

Responsibilities: The key responsibilities of the role are as follows:
- Conduct information security risk and vulnerability assessments (functional/technical) of PepsiCo's manufacturing and distribution plants to identify vulnerabilities, risks, and protection needs in order to generate a risk rating and potential functional and technical mitigations.
- Apply technical expertise to drill deep down into a wide variety of OT technologies/architectures utilized within the manufacturing and distribution plants. This includes SCADA (Supervisory Control and Data Acquisition) systems and other ICS (Industrial Control Systems) to understand impacts/risks to PepsiCo.
- Determine information security requirements/leading practices for new technical/functional areas of assessments.
- Contribute to the development of information security standards and policies applicable to our manufacturing and distribution plants that meet the business requirements while ensuring compliance with PepsiCo guidelines and industry leading practices.
- Present findings (functional/technical) to various stakeholders and levels throughout the organization.
- Partner with Plant Engineering, OT, and IT organizations to suggest/recommend potential mitigation solutions for risk areas.
- Strong verbal and written communication skills that positively impact relationships with key personnel from manufacturing and distribution plants.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Effective ability to identify and assess the severity and potential impact of risks, and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the functional and technical skills and competencies necessary to be highly effective in the role. These skills and competencies include:
- Bachelor's degree, master's degree preferable (in a technical area).
- Understanding of tools and technologies used for Industrial Control Systems and enterprise security.
- Familiarity with the critical tools used in security event analysis, incident response, computer forensics, malware analysis, penetration testing, and other areas of security operations.
- Fundamental knowledge of common security industry standards and frameworks such as ISO 27001/27002, NIST (SP-800-53 or SP-800-82), COBIT, HIPAA / HITECH, FISMA, FIPS, or NERC, especially as they relate to the following:
  - Building an Information Security Management System and/or Program.
  - Managing internal controls, risk assessments, business process and internal IT / OT control testing or operational auditing.
- Proven ability and understanding of the components that comprise a successful Industrial Control Systems security program.
- 5+ years of experience in Cyber (Information) Security.
- 5+ years of experience in OT (Operations Technology) environments in manufacturing and distribution plants dealing with ICS (Industrial Control Systems) such as SCADA (Supervisory Control and Data Acquisition), DCS (Distributed Control Systems), and PCS (Process Control Systems).
- Knowledge of RTU (Remote Terminal Unit) and PLC (Programmable Logic Controller) systems.
- 5+ years of technical experience across various technologies and architectures including network switching and routing (TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.), firewall and gateway configurations, mobility and wireless knowledge including WiFi and Radio Frequency (RF) networks, Internet of Things, and network data/packet capture and analysis.
- Active professional information security certifications (e.g., CISSP, CRISC, GICSP, GIAC, CHE, OSCP).
Not Eligible for Relocation