Cybersecurity GRC Assoc-Principal

PepsiCo

Multiple locations
Posted on Mar 25, 2026
Overview

Careers to Smile About

At PepsiCo, you’ll discover a place where our mission is to create smiles around the world. With a portfolio of more than 500 beloved brands including Gatorade, Lay’s and Quaker, our work touches millions of people every day.

At the heart of the company is a team of thinkers, creators, and problem-solvers who collaborate to innovate and turn ideas into action. Driven by innovation and a focus on creating joyful moments through food and drinks, our decisions are guided by consumer centricity, creating opportunities for our associates to do meaningful work and make a lasting impact in the communities we serve.

Whatever your role, you’ll be part of a global community that values your ideas and empowers you to make an impact, on your career and on the world around you.

Responsibilities

The Opportunity

Our Information Security Group at PepsiCo is looking for information/cyber security professionals to join our very exciting journey to manage information/cyber security risks for PepsiCo as we engage thousands of third parties around the world. The Third-Party Information/Cyber Security Compliance Associate Specialist will be responsible for assessing information (cyber) security to determine functional and technical risks to PepsiCo’s assets related to the access, use, processing, storage and transmission of information to and from those third parties that impact PepsiCo globally.

Your Impact

As Cybersecurity GRC Assoc-Principal your scope would consist of:

  • Provide suggestions and assess information (cyber) security posture to determine functional and technical risks related to the use, processing, storage, and transmission of information to and from those third parties that impact PepsiCo globally, as well as our manufacturing plants.
  • Own third-party reviews (functional/technical) throughout the entire assessment life cycle.
  • Conduct information security risk and vulnerability assessments (functional/technical) of third parties (including Mergers and Acquisitions, OT third parties, and PCI-subjected entities) to identify vulnerabilities, risks, and protection needs in order to generate a risk rating and potential functional and technical mitigations.
  • Apply technical and architectural expertise to drill deep down into a wide variety of technologies/architectures utilized by third parties to understand impacts/risks to PepsiCo.
  • Determine information security requirements/leading practices for new technical/functional areas of assessments, and work in industry forums to advance PepsiCo’s program and cyber maturity.
  • Assess third-party information security risk posture (functional/technical) to ensure compliance with PepsiCo guidelines and industry leading practices.
  • Present findings (functional/technical) to various stakeholders and levels throughout the organization.
  • Partner with business and third parties to suggest/recommend potential mitigation solutions for risk areas.
  • Facilitate alignment across diverse parties and business units and lead key strategic initiatives that reduce third-party risks to PepsiCo.
  • Lead, coordinate, and drive third-party onsite visits to perform thorough assessments by setting the collaborative and strategic tone with the third parties and represent PepsiCo’s business interests in the utmost professional manner.
  • Determine information security requirements/leading practices for new technical/functional areas of assessments.
  • Coordinate peer assessors’ efforts to ensure proper expectations and consistent processes are performed by all the team.
  • Proactively develop productive relations with technical and management leaders to own third-party reviews (functional/technical) throughout the entire assessment life cycle.
  • Collaborate and contribute to the PCI-DSS assessments in PepsiCo, including process improvements and integration of governance activities with the rest of the PepsiCo assessment processes.
  • Support Global Procurement (IT and non-IT) and business procurement teams by reviewing changes to the standard PepsiCo Information Security Requirements in third-party contracts and participate in the negotiation of requirements with third-party representatives.

Qualifications

Who Are We Looking For?

  • 6-8+ years of experience in third-party information security risk compliance and/or governance.
  • 6-8+ years of technical experience across various information security related areas.
  • Ability to partner and influence business stakeholders and third parties around the world to support assessments, modify opinions / plans / behaviors.
  • Strong communication skills in English and Spanish that enable discussions with cyber security, Information Technology (IT), Operational Technology (OT), Business Sponsors, and Business Relationship Managers regarding the assessment process and results.
  • Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts.
  • Ability to quickly learn legal, information security, and privacy requirements in different regions of the world.
  • Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient information security services to the business.
  • An ability to work on several tasks simultaneously.
  • Strong presence to represent PepsiCo in complex situations with our third parties.
  • Experience performing team leadership roles or managing people.
  • Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security.
  • Ability to influence and convince peers, executives, and members of other organizations about suggestions and proposals to move ahead with TPSRM assessments.
  • Demonstrated commitment to support and live the 7 behaviors in The PepsiCo Way.
  • At least one of the following certifications is desirable but not required: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM).
  • 5-7+ years of direct experience with one or more security-related regulatory or industry standards (HIPAA/HITECH, SOX, PCI-DSS, etc.) a plus.

If this is an opportunity that interests you, we encourage you to apply even if you do not meet 100% of the requirements.

What can you expect from us:

  • Opportunities to learn and develop every day through a wide range of programs.
  • Internal digital platforms that promote self-learning.
  • Development programs tailored to leadership skills.
  • Specialized training according to the role.
  • Learning experiences with internal and external providers.
  • We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others.
  • Financial wellness programs that will help you reach your goals in all stages of life.
  • A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle.
  • And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others.

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We respect and value diversity as a workforce and as a source of innovation for the organization.