Risk & Compliance Sr Specialist

Overview:
Our Information Security Group at PepsiCo is looking for a cyber security thought leader, influencer, security advocate, and driver of change, to join our very exciting journey to manage cyber security risks for PepsiCo and all our partners around the world. The Third-Party Information Security Senior Specialist will be responsible for supporting and influencing the information security efforts and team that determine functional and technical risks related to the use, processing, storage and transmission of information to and from those third-party entities engaged by PepsiCo globally.

As a Third-Party Information Security Risk Management senior specialist, you will work with a global team to evolve and implement a full life-cycle governance risk and compliance framework related to PepsiCo’s global third parties. This includes tasks such as providing strategic oversight and direction of the third-party security assessment program to adapt it to the changing threat landscape and always keep it relevant, continuously advocating for the success of our business by partnering with multiple organizations, influencing a team of global assessors responsible for executing risk-based information security risk assessments of PepsiCo’s third parties, collaborating with global procurement and legal teams to facilitate the inclusion of Information Security Requirements in third-party contracts, developing and tracking key performance indicators and operational/ executive metrics, communicating third-party assessment issue and results to both IT and Business executives, and advocating for the importance of third-party information security risk management as it pertains to the various services provided by third parties to PepsiCo.

**Responsibilities**:
Responsibilities for this position include:

- Work with and influence third-party information security risk assessors around the world (team-lead) responsible for executing risk-based information security assessments of the thousands of PepsiCo’s global third parties. Day-to-day people management and leadership.
- Provide thought-leadership and consultation to the organization related to the information (cyber) security posture of third parties through the assessed functional and technical risks related to the use, processing, storage and transmission of information to and from those third-party entities that impact PepsiCo globally (both in our corporate and manufacturing environments).
- Support Global Procurement (IT and non-IT), Legal, and business procurement teams by translating technical information into practical business considerations when reviewing changes to the standard PepsiCo Information Security Requirements in third-party contracts, and participating in the negotiation of requirements with third-party representatives.
- Participate in industry forums and influence the strategic direction of third-party information security risk management program at both PepsiCo and our key partners to keep the program relevant to the threat landscape while being cost effective.
- Coordinate and track critical initiatives focused on increasing the maturity and capabilities of the third-party information security risk management program in line with multiyear roadmap and maturity model.
- Develop rapport with global technical and management leaders responsible for third-party relationships to ensure effective cooperation throughout the assessment lifecycle and ownership of assessment results.
- Improve information security risk assessments to ensure each is technically sound and provides value-added results on the risks and vulnerabilities of third parties (in both corporate and manufacturing environments), including recommendations to mitigate the risks identified in the assessments.
- Evaluate and recommend information security requirements and leading practices for new technical/functional areas of assessments.
- Create and present executive level presentations in English that inform and influence leadership
- Partner with third-party executives and cybersecurity staff members to suggest/recommend potential mitigation solutions for risk areas, leveraging a broad view of the strategic direction of the business.
- Facilitate alignment across diverse third parties and business units, and lead key strategic initiatives, to reduce third-party risks to PepsiCo globally.
- Lead third-party onsite assessments by setting the collaborative and strategic tone with the third parties and representing PepsiCo’s business interest in the upmost professional manner.
- Envision, coordinate, lead, and coach assigned assessors to ensure proper metrics are tracked, that they reflect meeting SLAs and expectations of the assigned team, and that they are relevant to the overall business objectives and company’s strategy.

Qualifications:
Preferred Skills:

- Strong third-party information security risk assessment skills to evaluate functional and technical capabilities ac