About The Position

The Cybersecurity GRC Associate Principal role will review, assess, and escalate Cybersecurity Standards Exceptions and risk to the PepsiCo environment. The role will work within the Cybersecurity scope for security standards and the exception process, and work with internal PepsiCo clients who are responsible for applications, vendors, infrastructure and site compliance to PepsiCo Cybersecurity standards. The role oversees the Exceptions to the standards, ensuring consistent risk rating and governance to the Cybersecurity standards. The role will need to be familiar with the latest security tools and technologies, have experience with integrating security requirements into complex IT environments, and be able to identify and promote mitigations and remediation steps while conveying the risk to the PepsiCo environment. In addition, the role will work across the Cybersecurity teams and assist with reporting and analysis of overall risk. The role will assist with ongoing metrics, support, maintenance, and documentation.

Requirements

  • In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and cybersecurity.
  • Strong understanding of information security frameworks, regulations, and standards such as NIST CSF, NIST 800-53, CIS, and ISO 27002.
  • Proficient in ServiceNow, with the ability to leverage its modules for information gathering and data analysis.
  • Strong skills in developing ad hoc reports and managing metrics.
  • Knowledge of general cloud security principles.
  • Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards.
  • Establish a reputation as a trusted adviser, providing expert guidance on information security matters.
  • Strong presence to represent PepsiCo Cybersecurity in complex situations with business and IT partners.
  • Ability to collaborate with various stakeholders, including business units and product managers.
  • Ability to quickly learn legal, cybersecurity, and privacy requirements in different regions of the world.
  • Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part.
  • Strong problem-solving and analytical capabilities.
  • Bachelor’s degree in Cybersecurity, Computer Information Systems, Computer Science, or other STEM equivalent.
  • A minimum of 5 years of experience in Information Security, IT Risk Management, Project Management or similar role.

Nice To Haves

  • Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation, a plus.
  • Relevant certifications (CISSP, CISM, CRISC, or similar) are a plus.

Responsibilities

  • Identify, quantify, and communicate technology risks impacting the business, recommending remediations and trends.
  • Review IT and Information Security systems and recommend paths to eliminate identified risks and implement compensating controls.
  • Conduct risk-based assessments and prioritize and address security risks.
  • Utilize knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture.
  • Collaborate with various IT and Business teams to ensure they are knowledgeable about Cybersecurity processes and requirements, influencing them to eliminate or reduce risks.
  • Experience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness.
  • Manage operational metrics related to the risk and exceptions processes, utilizing ServiceNow and Power BI for advanced reporting, tracking exceptions and risk trends, and developing corrective action plans.
  • Govern cybersecurity risks and exceptions, tracking process metrics, while driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process. Also, provide inputs regarding the Cybersecurity standards while also having a strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002.

Benefits

  • The expected compensation range for this position is between $93,500 - $156,450.
  • Bonus based on performance and eligibility; target payout is 10% of annual salary, paid out annually.
  • Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
  • In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.