Senior Manager, Third-Party Risk Management

Company: Pepsico
Location: Plano
Posted on: April 8, 2021

Job Description:

Job DescriptionPepsiCo does not offer visa sponsorship for this role Auto req ID: 226568BR Job Description Our Information Security Group at PepsiCo is looking for a cybersecurity thought leader, influencer, security advocate, and driver of change, to join our very exciting journey to manage cybersecurity risks for PepsiCo and all our partners around the world. The Third-Party Information Security Compliance Senior Manager will be responsible for leading and managing the information security efforts and team that determine functional and technical risks related to the use, processing, storage, and transmission of information to and from those third-party entities engaged by PepsiCo globally. As the Senior Manager, Third-Party Information Security Risk Management team, you will lead and manage a global team to institutionalize and implement a full life-cycle governance risk and compliance framework related to PepsiCo's global third parties. This includes tasks such as providing strategic oversight and direction of the third-party security assessment program to adapt it to the changing threat landscape and always keep it relevant, continuously advocating for the success of our business by partnering with multiple organizations, leading a team of global assessors responsible for executing risk-based information security risk assessments of PepsiCo's third parties, collaborating with global procurement and legal teams to facilitate the inclusion of Information Security Requirements in third-party contracts, developing and tracking key performance indicators and operational/ executive metrics, communicating third-party assessment issue and results to both IT and Business executives, and advocating for the importance of third-party information security risk management as it pertains to the various services provided by third parties to PepsiCo. Responsibilities for this position include: * Lead and manage third-party information security risk assessors based around the world responsible for executing risk-based information security assessments of the thousands of PepsiCo's global third parties. Day-to-day people management and leadership. * Provide thought-leadership and consultation to the organization related to the information (cyber) security posture of third parties through the assessed functional and technical risks related to the use, processing, storage and transmission of information to and from those third-party entities that impact PepsiCo globally (both in our corporate and manufacturing environments). * Support Global Procurement (IT and non-IT), Legal, and business procurement teams by translating technical information into practical business considerations when reviewing changes to the standard PepsiCo Information Security Requirements in third-party contracts, and participating in the negotiation of requirements with third-party representatives. * Develop rapport with global technology and management leaders responsible for third-party relationships to ensure effective cooperation throughout the assessment lifecycle and ownership of assessment results. * Oversee ongoing information security risk assessments to ensure each is technically sound and provides value-added results on the risks and vulnerabilities of third parties (in both corporate and manufacturing environments), including recommendations to mitigate the risks identified in the assessments. * Create and present executive level presentations that inform and influence leadership. * Partner with third-party executives and cybersecurity staff members to suggest/recommend potential mitigation solutions for risk areas, leveraging a broad view of the strategic direction of the business. * Facilitate alignment across diverse third parties and business units, and lead key strategic initiatives, to reduce third-party risks to PepsiCo globally. * Lead third-party onsite assessments by setting the collaborative and strategic tone with the third parties and representing PepsiCo's business interest in the upmost professional manner. Role can be based out of Plano, TX and Purchase, NY AF- Tech Qualifications/Requirements * Bachelor's degree or higher Experience: * 8+ years of experience in third-party information security risk/ compliance/ governance, IT audit, and/or Enterprise Risk Management. * 8+ years of technical or project management experience across various technologies and architectures including web, networks, infrastructure, applications, and/or information security. * 5+ years of experience with regulatory compliance and information security management frameworks (e.g., IS0 27000/27001, COBIT, NIST 800, NISCT CSF, etc.). * 2+ years of direct technical experience with one or more security-related regulatory or industry standards (HIPAA/HITECH, SOX, PCI-DSS, GDPR, CCPA, etc.). * One certification of the following highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk a

Keywords: Pepsico, Plano , Senior Manager, Third-Party Risk Management, Executive , Plano, Texas