Info Security Assoc Manager

Overview
We Are PepsiCo
Join PepsiCo and Dare for Better We are the perfect place for curious people, thinkers and change agents. From leadership to front lines, we're excited about the future and working together to make the world a better place.

Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries.

Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.

A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world.

Know more:
PepsiCoJobs

Join PepsiCo, dare for better.
Responsibilities
The Opportunity
The
Info Security Assoc Manager
is responsible for safeguarding PepsiCo's digital assets by assessing the compliance of new and changing systems against information security requirements and managing risks associated with IT and Information Security systems throughout the project lifecycle. The ISA Lead will collaborate with various security teams and businesses to facilitate compliance with Information Security standards, provide technical guidance for key strategic initiatives, and drive the secure delivery of technology solutions within PepsiCo. The role heavily focuses on security risk-based assessments, and data-driven decision-making and automation.

Your Impact
As
Info Security Assoc Manager
scope would consist of:

• Security Design Expertise: Proven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes. Must demonstrate experience in aligning these designs with industry standards such as NIST 800-53, ISO 27002, CIS, and OWASP to ensure robust security postures. Skilled at identifying potential security gaps and implementing best practices to fortify system architectures against emerging threats. Familiarity with the latest security tools and technologies, as well as experience in integrating security measures into complex IT environments, is essential.
• Compliance Assessment: Assess new and changing application designs and requirements to ensure compliance with PepsiCo information security standards.
• Risk Communication: Identify, quantify, and communicate technology risks impacting the business, recommending resolutions and identifying root causes. Explain scan results (infrastructure, applications, databases) and pen testing results to stakeholders.
• Project Lifecycle Reviews: Review IT and Information Security systems throughout the project lifecycle, identifying risks and security requirements, and recommending paths to eliminate identified risks and implement compensating controls.
• Automated Risk Assessments: Conduct risk-based assessments using automated tools and techniques to prioritize and address security risks.
• Threat Modeling: Utilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture.
• Collaboration and Education: Collaborate with various IT and Business teams to ensure they are knowledgeable about Information Security processes and requirements, influencing them to eliminate or reduce risks.
• ServiceNow Utilization: Experience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness.
• Metrics Management and Reporting: Manage operational metrics related to the ISA and GRC processes, utilizing Power BI for advanced reporting, tracking project progress, and developing corrective action plans.
• Process Improvement and Proactive Security: Govern Information Security services from the ISA, tracking process metrics, identifying issues, and driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process.

Qualifications
Who Are We Looking For?

• A minimum of 5 years of experience in Information Security, IT Risk Management, or a similar role.
• Advanced conversational English is a must.

Mandatory Technical Skills:

• In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security.
• Strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, MITRE ATT&CK, and ISO 27002.
• Proficient in ServiceNow, with the ability to leverage its modules for information gathering, data analysis, and automation of the ISA service.
• Experience in threat modeling and applying threat modeling methodologies in previous roles.
• Proficient in Power BI for developing reports and dashboards to support data-driven decision-making.
• Strong skills in developing ad hoc reports and managing metrics.
• Knowledge of AWS, Azure, Salesforce, ServiceNow, SAP, and general cloud and ERP security principles.
• Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation.

Mandatory Non-Technical Skills:

• Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards.
• Established a reputation as a trusted adviser, providing expert guidance on information security matters.
• Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners.
• Ability to collaborate with various stakeholders, including business units and product managers.

Preferred Competencies:

• Relevant certifications (CISSP, CISM, CRISC, or similar) are a plus.
• Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners.
• Ability to quickly learn legal, information security, and privacy requirements in different regions of the world.
• Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part.
• Strong problem-solving and analytical capabilities.
• Ability to collaborate with various stakeholders, including business units and product managers.

If this is an opportunity that interests you, we encourage you to apply even if you do not meet 100% of the requirements.

What can you expect from us:

• Opportunities to learn and develop every day through a wide range of programs.
• Internal digital platforms that promote self-learning.
• Development programs according to Leadership skills.
• Specialized training according to the role.
• Learning experiences with internal and external providers.
• We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others.
• Financial wellness programs that will help you reach your goals in all stages of life.
• A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle.
• And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others.

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We respect and value diversity as a work force and innovation for the organization.