Vacancy expired!
- The Information Security Assessment (ISA) Lead facilitates Information Security Assessment (ISA) and related processes.
- The ISA Lead assesses the compliance of the new / changing system against PepsiCo Information Security requirements, by overseeing the appropriate scoping of the ISA, technical evaluation of the solutions, initiation of the ISA sub-processes, and education of Information Security processes.
- The ISA team is a global team with associates located in each PepsiCo sector, assigned to support that sector.
- Assess new / changing application design and requirements and determine compliance with PepsiCo information security standards
- Assess the functional/technical project documentation and identify and validate the security requirements are included
- Engage with various IT/Business teams to ensure they are knowledgeable of Information Security processes and requirements
- Manage the operational metrics related to the ISA process
- Present project updates, exceptions, risks, and issues (functional/technical) to IT, Information Security and/or Business leadership as necessary
- Govern the Information Security services that are initiated from the ISA, including tracking of process metrics, identifying issues in the completion of the processes, escalating the issues to resolution, and ensuring a consistent and transparent customer experience throughout the ISA and related subprocesses
- Drive process improvement initiatives across the Information Security Services to improve the customer experience, efficiency, and effectiveness of the processes
- In-depth technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security, allowing this role to provide technical leadership and coaching to other members of the organization.
- In-depth knowledge of PepsiCo Information Security Policy, standards and technical specifications and how they should be implemented within applications and systems
- Proficient in ServiceNow IRM, Microsoft Excel, Word, and PowerPoint skills to develop ad hoc reports to manage the reports and the metrics.
- Knowledgeable of Security controls and requirements for broad IT system types (e.g., Cloud, Database, Network, etc.)
- Independent thinker and strong self-motivator, with the ability to collaborate with virtual teams and influence decision making
- Technical and business expertise to drive information security requirements
- Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business, allowing them to meet their strategic objectives.
- Comprehensive technical and functional understanding of various information security solutions, technologies and industry-leading practices, allowing this role to provide recommendations and support key decisions.
- Strong verbal and written communication skills that positively impact relationships with key business and third-party stakeholders, and proactively influence the actions taken by these stakeholders
- Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part
- An ability to work on several tasks simultaneously
- Strong decision-making capabilities, with a proven ability and common sense to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- Strong ability to effectively influence others and lead peers and superiors to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication
- Effective ability to identify and assess the severity and potential impact of risks, and communicate risk assessment findings to risk owners outside Information Security.
- Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Ability to work with, partner, and influence business partners and third parties around the world to support assessments, modify opinions / plans / behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication
- Strong communication skills that enable cybersecurity, Information Technology (IT) and Business Sponsors discussions regarding the assessment process and results, while being able to clearly communicate key messages to our senior leaders in both PepsiCo and inside third parties
- Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part
- Ability to quickly learn legal, information security, and privacy requirements in different regions of the world
- Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient information security services to the business
- An ability to work on several tasks simultaneously
- Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners
- Experience performing team leadership roles or managing people
- Effective ability to identify and assess the severity and potential impact of risks, and communicate risk assessment findings to risk owners outside Information Security.
- Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance