Sr. Analyst, Information Security
Company: PepsiCo
Location: Plano
Posted on: May 13, 2022
Job Description:
Auto req ID: 272997BR

Our Information Security Group at PepsiCo is looking for information/cyber security professionals to join our very exciting journey to manage information/cyber security risks for PepsiCo as we engage thousands of third parties around the world. The Third-Party Information/Cyber Security Compliance Senior Analyst will be responsible for assessing information (cyber) security to determine functional and technical risks to PepsiCo's assets related to the access, use, processing, storage and transmission of information to and from those third parties that impact PepsiCo globally.

Accountabilities:

The key responsibilities of the role are
as follows:

- Assess the information (cyber) security inherent risk of all TPSRM assessment requests to prioritize and determine the third-party engagements that require further detailed assessments to identify functional and technical risks related to the use, processing, storage, and transmission of information to and from those third parties that impact PepsiCo globally.
- Manage all work intake requests into our TPSRM organization, ensuring the proper information is provided, coaching requestors globally and explaining the need to initiate the process, and deciding whether or not the requestor has provided the proper, quality information to proceed to the next step in the process.
- Proactively develop productive relations/partnerships with all technical and management requestors of TPSRM assessments to ensure a positive experience throughout the life of the TPSRM assessment.
- Conduct information security risk assessments (functional/technical) of third parties to identify vulnerabilities, risks, compliance with PepsiCo guidelines and industry leading practices, and protection needs in order to generate a risk rating, suggest potential functional and technical mitigations, and brief stakeholders (third parties, business sponsors, management) on the results and actions required.
- Monitor and drive assessment performance of the team members to maintain consistency and stay within expectations and SLAs by developing, maintaining, tracking, and reporting (Executive/KPI/Operational) metrics, and holding assessors accountable for their assessments and resolution of the issues they identify.
- Apply technical expertise to evaluate a wide variety of technologies/architectures utilized by third parties to understand impacts/risks to PepsiCo and provide more accurate inherent risk ratings for our third parties.
- Present findings (functional/technical) to various stakeholders and levels throughout the organization.
- Partner with third parties to suggest/recommend potential mitigation solutions for risk areas.
- Determine information security requirements/leading practices for new technical/functional areas of assessments to improve our work intake and inherent risk computations.
- Coordinate and effectively drive peers during the weekly TPSRM staff meetings related to metrics discussions and TPSRM initiative status.
- COVID-19 vaccination is a condition of employment for this role. Please note that all such company vaccine requirements provide the opportunity to request an approved accommodation or exemption under applicable law.

Qualifications/Requirements

Candidates will be
evaluated based on their ability to perform the duties listed above while demonstrating the functional and technical skills and competencies necessary to be highly effective in the role. These skills and competencies include:

Mandatory Technical Skills:

- Technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, mobile devices, and information (cyber) security, allowing this role to provide technical support to other members of the organization.
- Technical and functional understanding of various information security solutions, technologies and industry-leading practices, allowing this role to support key technical and business decisions.
- Technical ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Bachelor of Science degree; Master's degree preferable.
- Microsoft Excel, Word, and PowerPoint skills to develop ad hoc reports and to manage the reports and the metrics.
- Knowledge and experience working with GRC (Governance, Risk Management, and Compliance) tools such as Archer and ServiceNow.

Mandatory Non-Technical Skills:

- Independent thinker and strong self-motivator, with the ability to collaborate with virtual teams and influence decision making.
- Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business, allowing them to meet their strategic objectives.
- Strong verbal and written communication skills that positively build relationships with key business and third-party stakeholders, proactively paving the road for influencing the actions taken by these stakeholders.
- Good prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part.
- Ability to work on several tasks simultaneously.
- Good decision-making capabilities, with a proven ability and common sense to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Ability to influence others and encourage peers and superiors to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication.

Desired Qualifications:

- At least one of the following certifications is highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM).
- 2+ years of experience in Cyber (Information) Security.
- 2+ years of experience in Third-Party compliance and/or governance.
- 3+ years of technical experience across various technologies and architectures including web, software development, networks, infrastructure, mobility, computer applications, and information security.

Relocation Eligible: Not Eligible for Relocation
Job Type: Regular

All qualified applicants
will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents.

View PepsiCo EEO Policy

Please view our Pay Transparency Statement