Sr. Analyst, Information Security

Company: PepsiCo
Location: Plano
Posted on: May 13, 2022

Job Description:

Auto req ID: 272997BRJob DescriptionOur Information Security Group at PepsiCo is looking for information/ cyber security professionals to join our very exciting journey to manage information/ cyber security risks for PepsiCo as we engage thousands of third parties around the world. The Third-Party Information/ Cyber Security Compliance Senior Analyst will be responsible for assessing information (cyber) security to determine functional and technical risks to PepsiCo's assets related to the access, use, processing, storage and transmission of information to and from those third parties that impact PepsiCo globally.Accountabilities:The key responsibilities of the role are as follows:--- Assess the information (cyber) security inherent risk of all TPSRM assessment requests to prioritize and determine the third-party engagements that require further detailed assessments to identify functional and technical risks related to the use, processing, storage, and transmission of information to and from those third parties that impact PepsiCo globally.--- Manage all work intake requests into our TPSRM organization, ensuring the proper information is provided, coaching and explaining all requestors globally of the need to initiative the process, and deciding whether or not the requestor has provided the proper and quality information to pursue to the next step in the process.--- Proactively develop productive relations/ partnerships with all technical and management requestors of TPSRM assessments to ensure a positive experience throughout the life of the TPSRM assessment.--- Conduct information security risk assessments (functional/technical) of third parties to identify vulnerabilities, risks, compliance with PepsiCo guidelines and industry leading practices, and protection needs in order to generate a risk rating, suggest potential functional and technical mitigations, and brief stakeholders (third parties, business sponsors, management) of the results and actions required.--- Monitor and drive assessment performance of the team members to maintain consistency and within expectations and SLAs by developing, maintaining, tracking, and reporting (Executive/ KPI/ Operational) metrics, and holding assessors accountable for their assessments and resolution of the issues they identify.--- Apply technical expertise to evaluate a wide variety of technologies/architectures utilized by third parties to understand impacts/risks to PepsiCo and provide more accurate inherent risk ratings for our third parties.--- Present findings (functional/technical) to various stakeholders and levels throughout the organization.--- Partner with third parties to suggest/recommend potential mitigation solutions for risk areas.--- Determine information security requirements/leading practices for new technical/functional areas of assessments to improve our work intake and inherent risk computations.--- Coordinate and effectively drive peers during the weekly TPSRM staff meetings related to metrics discussions and TPSRM initiative status.--- COVID-19 vaccination is a condition of employment for this role. Please note that all such company vaccine requirements provide the opportunity to request an approved accommodation or exemption under applicable law.Qualifications/RequirementsCandidates will be evaluated based on their ability to perform the duties listed above while demonstrating the functional and technical skills and competencies necessary to be highly effective in the role. These skills and competencies include:Mandatory Technical Skills:Technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, mobile devices, and information (cyber) security, allowing this role to provide technical support to other members of the organization.Technical and functional understanding of various information security solutions, technologies and industry-leading practices, allowing this role to support key technical and business decisions.Technical ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.Bachelor of Sciences degree, Master's degree preferable.Microsoft Excel, World, and PowerPoint skills to develop ad hoc reports to manage the reports and the metrics.Knowledge and experience working with GRC (Governance, Risk Management, and Compliance) tools such as Archer and ServiceNow.Mandatory Non-Technical Skills:Independent thinker and strong self-motivator, with the ability to collaborate with virtual teams and influence decision making.Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business, allowing them to meet their strategic objectives.Strong verbal and written communication skills that positively builds relationships with key businesses' and third parties' stakeholders, proactively paving the road for influencing the actions taken by these stakeholders.Good prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part.Ability to work on several tasks simultaneously.Good decision-making capabilities, with a proven ability and common-sense to weigh the relative costs and benefits of potential actions and identify the most appropriate one.Ability to influence others and encourage peers and superiors to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication.Desired Qualifications:At least one of the following certifications is highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM).2+ years of experience in Cyber (Information) Security.2+ year of experience in Third-Party compliance and/or governance.3+ years of technical experience across various technologies and architectures including web, software development, networks, infrastructure, mobility, computer applications, and information security.Relocation Eligible: Not Eligible for RelocationJob Type: RegularAll qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender IdentityOur Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO PolicyPlease view our Pay Transparency Statement

Keywords: PepsiCo, Plano , Sr. Analyst, Information Security, Professions , Plano, Texas