Associate Manager Cyber Security Contracts Compliance

Plano, TX 75074
Auto req ID: 281001BR

Job Description

Are you looking for a challenging opportunity in an organization with a dynamic, innovative and diverse environment? If so, your future is at PepsiCo. As a world class company, we seek excellence in everything we do. Therefore, we need talented and innovative people who are passionate about what they do. For more information, visit www.pepsico.com

Now we are looking for this position: Cyber Security Contracts Specialist

Main Purpose

We are PepsiCo. We are a diverse organization, spread among 200 countries and united by a shared set of values and goals. That's why we Perform with Purpose. Together, we blaze new trails, succeed, celebrate and never settle for second best. At PepsiCo, we're committed to performing well as individuals and in teams, to strengthen the company as a whole. Our employees are at the heart of PepsiCo. Through the Company's commitment to Talent Sustainability, we continue to support the development of employees.

At PepsiCo, you get the best of both worlds: an entrepreneur's mindset plus global reach and resources. Our collaborative culture and worldwide presence generate a stream of new opportunities to define the future and propel your life's work. Bring your unique perspective. Bring curiosity. Bring ingenuity and your drive. We will give you a platform to be daring on a global scale.

Review information security requirements in contracts between PepsiCo and all its third parties around the world as requested, to help better protect PepsiCo from cyber security risks while still allowing the business to achieve its objectives.
Assist and collaborate with procurement, business, and legal teams around the world with the negotiation of information security requirements into third-party contracts (as requested and often where English is not the first language spoken) and pursue Information Security Exceptions as required.
Continuously improve the information security requirements to be included in contracts, based on best industry practices and benchmarking, the evolving threat landscape, regulatory and privacy environments, PepsiCo's risk appetite and capability maturity model, the vast diversity of PepsiCo's third parties, and unique business needs around the world.
Partner with procurement, business, legal, and other information security teams to enhance the change management process to evolve the contract language, as well as the processes to engage subject matter experts to either develop language updates or to support negotiations.
Participate in contract negotiations with third parties to explain the need to include PepsiCo's information security requirements in contracts, allowing for a win-win partnership with third parties.
Understand the technical and business arrangements between PepsiCo and third parties (and the services provided by the third parties) to be in a better position to negotiate acceptable red lines from third parties without jeopardizing PepsiCo's information security risk posture.
Support implementation of (leveraging DevSecOps principles) the multiple processes involved in the inclusion of information security language in contracts into PepsiCo's Governance, Risk Management, and Compliance (GRC) system.
Devise an effective approach to trigger third-party information security risk assessments based on the acquired knowledge of the third parties and support the risk assessment efforts.
Help to develop effective processes to manage and track information security issues (and corresponding remediation) resulting from the contract negotiations, integrating them into the overall PepsiCo Third-Party Information Security Risk Management process.
Learn a wide variety of technologies/architecture utilized by third parties to understand information security impacts/risks to PepsiCo and support the organization.

Accountabilities:

Review information security requirements in contracts between PepsiCo and all its third parties around the world as requested, to help better protect PepsiCo from cyber security risks while still allowing the business to achieve its objectives.
Assist and collaborate with procurement, business, and legal teams around the world with the negotiation of information security requirements into third-party contracts (as requested and often in places where English is not the first language spoken) and pursue Information Security Exceptions as required.
Continuously improve the information security requirements to be included in contracts, based on best industry practices and benchmarking, the evolving threat landscape, regulatory and privacy environments, PepsiCo's risk appetite and capability maturity model, the vast diversity of PepsiCo's third parties, and unique business needs around the world.
Partner with procurement, business, legal, controls, and other information security teams to enhance the change management process to evolve the contract language, as well as the processes to engage subject matter experts to either develop language updates or to support negotiations.
Participate in contract negotiations with third parties to explain the need to include PepsiCo's information security requirements in contracts, allowing for a win-win partnership with third parties.
Understand the technical and business arrangements between PepsiCo and third parties (and the services provided by the third parties) to be in a better position to negotiate acceptable red lines from third parties without jeopardizing PepsiCo's information security risk posture.
Support implementation of (leveraging DevSecOps principles) the multiple processes involved in the inclusion of information security language in contracts into PepsiCo's Governance, Risk Management, and Compliance (GRC) system.
Devise an effective approach to trigger third-party information security risk assessments based on the acquired knowledge of the third parties and support the risk assessment efforts.
Help to develop effective processes to manage and track information security issues (and corresponding remediation) resulting from the contract negotiations, integrating them into the overall PepsiCo Third-Party Information Security Risk Management process.
Learn a wide variety of technologies/architecture utilized by third parties to understand information security impacts/risks to PepsiCo and support the organization.

COVID-19 vaccination is a condition of employment for this role. Please note that all such company vaccine requirements provide the opportunity to request an approved accommodation or exemption under applicable law.

Learn more about our culture and life at PepsiCo: https://stories.pepsicojobs.com/

At PepsiCo, we are committed to providing equal development opportunities for all candidates for employment without exception of race, religion, sex, sexual orientation, marital status, age, nationality, origin, or type of disability. We respect and value diversity as a workforce and innovation for the organization. Thank you so much for thinking about PepsiCo to start or continue your career!

Qualifications/Requirements

2+ years of experience in Cyber (Information) Security including Network/Systems/Web/Cloud design principles.
2+ years of experience in third-party information security risk compliance and/or governance.
2+ years of technical experience across various technologies and architectures including web technology, networking concepts, systems infrastructure, cloud services, manufacturing equipment, mobility, computer applications, and information security.
1+ years of experience in technical vendor management and/or contract negotiation roles.
Good understanding of information security frameworks (NIST, PCI-DSS, ISO), reference models (cyber kill chain, MITRE ATT&CK), and concepts.
Good technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, manufacturing equipment, mobile devices, DevSecOps principles, and threat modeling.
Strong understanding of Confidentiality, Integrity, and Availability controls, as well as key Privacy laws.
Understanding of third-party information security risk management and PCI-DSS risk assessment principles.
Technical and functional understanding of various information security solutions, technologies, and industry-leading practices, allowing this role to provide recommendations, support key decisions, and contribute to industry forums.
Technical and business expertise to drive information security requirements/clauses in third-party contracts, together with people skills to negotiate requirements with third-party representatives.
Experience in vendor management and/or contract negotiation roles.
Good understanding of legal concepts and jargon.
Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business, allowing them to meet their strategic objectives.
Good third-party information (cyber) security risk management skills to evaluate functional and technical capabilities of third parties.
Ability to automate metrics, reports, and charts that are useful and appealing to various levels of executives in the organization.
Bachelor's degree, master's degree preferable.
Proficiency in Microsoft Excel, Word, and PowerPoint to develop ad hoc reports to convey results.

Non Technical Skills

Independent thinker, robust self-motivator, and strong negotiator with the ability to collaborate with virtual teams and influence decision making under stressful situations (often where English is not the first language spoken).
Strong timely decision-making capabilities, with a proven ability and common sense to weigh the relative costs and benefits of potential actions and identify the most appropriate one, under stressful environments.
Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
Strong ability to review and understand information security contract language, and effectively communicate with multiple teams (such as procurement, legal, and business) to make decisions that will best protect PepsiCo in third-party contracts.
Strong verbal and written communication skills and a willing/can-do attitude that positively impact relationships with key business and third-party stakeholders, and proactively influence the actions taken by these stakeholders.
Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
Ability to work on several tasks simultaneously with incomplete data/facts.
Strong ability to communicate with several levels in the organization, effectively influencing others and leading peers and superiors to modify their opinions, plans.

Relocation Eligible: Not Eligible for Relocation
Job Type: Regular

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy. Please view our Pay Transparency Statement.

Posted: 2022-07-01 Expires: 2022-09-01

Performance with Purpose


Outperforming ourselves is a rush. That's why we perform with purpose. Together, we blaze new trails, succeed, celebrate and then do something even bigger. We never settle for second best. At PepsiCo we're not just committed to performing well as individuals, but as a team, to strengthen the company as a whole.

Around the world, we're working hard to give people the tastes they crave and the nutrition they need. We dream globally and act locally, constantly innovating to sustain our planet, our people, our communities and our business practices. New markets mean new ways of doing business, and new ways of addressing health concerns, cultural differences and environmental challenges. Every day is an adventure, and an opportunity for personal and professional growth.
