• Third-Party Cyber Security Compliance Associate Specialist Warsaw
  • PepsiCo in Warsaw, Poland
  • 2 weeks ago

Job description

Auto req ID: 237150BR

Job Description

Our Information Security Group at PepsiCo is looking for information/cyber security professionals to join our very exciting journey to manage information/cyber security risks for PepsiCo as we engage thousands of third parties around the world. The Third-Party Information/Cyber Security Compliance Associate Specialist will be responsible for performing information (cyber) security risk assessments to determine functional and technical risks to PepsiCo’s assets related to the access, use, processing, storage and transmission of information to and from those third parties that impact PepsiCo globally.

Accountabilities:

The key responsibilities of the role are as follows:

• Provide suggestions and assess information (cyber) security risk posture of PepsiCo’s many third parties to determine functional and technical risks related to the use, processing, storage, and transmission of information to and from those third parties.
• Collaborate and contribute to... the PCI-DSS assessments in PepsiCo, including process improvements and integration of governance activities with the rest of the PepsiCo assessment processes.
• Support PepsiCo business teams by reviewing changes to the standard PepsiCo Information Security Requirements in third-party contracts and participate in the negotiation of requirements with third-party representatives.
• Own third-party reviews (functional/technical) throughout the entire assessment life cycle.
• Conduct information security risk and vulnerability assessments (functional/technical) of third parties (including Mergers and Acquisitions, OT third parties, and PCI-subjected entities) to identify vulnerabilities, risks, and protection needs in order to generate a risk rating and potential functional and technical mitigations.
• Apply technical and architectural expertise to drill deep down into a wide variety of technologies/architectures utilized by third parties to understand impacts/risks to PepsiCo.
• Determine information security requirements/leading practices for new technical/functional areas of assessments, and work in industry forums to advance PepsiCo’s program and cyber maturity.
• Assess third-party information security risk posture (functional/technical) to ensure compliance with PepsiCo guidelines and industry leading practices.
• Present findings (functional/technical) to various stakeholders and levels throughout the organization.
• Partner with business and third parties to suggest/recommend potential mitigation solutions for risk areas.
• Facilitate alignment across diverse parties and business units and lead key strategic initiatives that reduce third-party risks to PepsiCo.
• Lead, coordinate, and drive third-party onsite visits to perform thorough assessments by setting the collaborative and strategic tone with the third parties, and represent PepsiCo’s business interest in the utmost professional manner.
• Determine information security requirements/leading practices for new technical/functional areas of assessments.
• Coordinate peer assessors’ efforts to ensure proper expectations are set and consistent processes are performed by the whole team.
• Proactively develop productive relations with technical and management leaders to own third-party reviews (functional/technical) throughout the entire assessment life cycle.

Qualifications/Requirements

Mandatory Technical Skills:

• Strong third-party information (cyber) security risk assessment skills to evaluate functional and technical capabilities of third parties.
• In-depth technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, manufacturing equipment, mobile devices, DevSecOps principles, threat modeling, and information (cyber) security, allowing this role to provide technical leadership and coaching to other members of the organization.
• Basic understanding of Confidentiality, Integrity, and Availability controls, Privacy laws, as well as PCI-DSS compliance assessment (SAQ, ISA, QSA) principles.
• Comprehensive technical and functional understanding of various information security solutions, technologies, and industry-leading practices, allowing this role to provide recommendations, support key decisions, and contribute to industry forums.
• Technical and business expertise to drive information security requirements/clauses in third-party contracts, together with people skills to negotiate requirements with third-party representatives.
• Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business, allowing them to meet their strategic objectives.
• Bachelor’s degree, master’s degree preferable.
• 3+ years of experience in Cyber (Information) Security including Network/Systems/Web/Cloud design principles.
• 1+ year of experience in third-party information security risk compliance and/or governance.
• 3+ years of technical experience across various technologies and architectures including web technology, networking concepts, systems infrastructure, cloud services, manufacturing equipment, mobility, computer applications, and information security.
• Proficiency in Microsoft Excel, Word, and PowerPoint to develop ad hoc reports to convey results, influence executive leadership, manage expectations, and improve metrics.

Mandatory Non-Technical Skills:

• Independent thinker and strong self-motivator, with the ability to collaborate with virtual teams and influence decision making.
• Strong verbal and written communication skills that positively impact relationships with key businesses’ and third-parties’ stakeholders, and proactively influence the actions taken by these stakeholders.
• Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part.
• An ability to work on several tasks simultaneously.
• Strong decision-making capabilities, with a proven ability and common sense to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Strong ability to effectively influence others and lead peers and superiors to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication.
• Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

Desired Qualifications:

• Ability to speak Russian highly desirable.
• At least one of the following certifications is highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM).
• 1+ year of experience in Information Security Architecture, ICS/SCADA/PLC technologies, Enterprise Risk Management (ERM), and/or Information Security Risk Assessment role.

Relocation Eligible: Not Applicable
Job Type: Regular