Information Security Senior Analyst: Security Integration - Paarl/Gauteng at PepsiCo

Responsibilities

• The Security Integration Lead is the primary contact within their region for security work intake
• Assist Attack Surface Management and Global Digital Connections teams when working with third parties locally on website/mobile security remediation
• Escalate and report on security gaps/opportunities within the region to Sector BISO
• Engage with key stakeholders to ensure that processes and initiatives operate within the documented security org framework, monitor security policy/standards compliance, and Information Security strategy is understood and communicated
• The Security Integration Lead is the primary contact within their region for security work intake
• Identify Stakeholder resistance and barriers and tighten thecohesion between business and Information Security
• Develop and implement strategies for engaging business functions on information security matters and gain buy-in
• Support and track sector-based security exception process and remediation
• Onboard to and provide training on Information SecurityServices Requests (ISSR)
• Partner with Manufacturing OT and IT teams for Information Security engagement activities and partner awareness
• Develop content and present on Information Security programs, initiatives, awareness and risk in consultation withSMEs and functional capability owners
• Engage BRM and Project owners throughout the project lifecycle as trusted advisor for ISSR service delivery and process management
• Assist on the delivery of Cyber Security program initiatives within the regions through Information Security PMO and Compliance Lead alignment to manage sector security initiatives
• Support of vulnerability remediation plan development and owner identification
• Act as trusted advisor throughout exception risk management from exception initiation, stakeholder identification, mitigating controls, remediation plan recommendations, and sign-off activities
• Responsible for educating business functions on Information Security services and processes
• Perform local security awareness initiatives such as clean desk exercise to reinforce and promote security standards compliance
• Supports IR in driving awareness and remediation of security compliance related incidents locally to include engagement of appropriate stakeholders
• Support Data Protection Evaluation and Recertification program through BRM engagement and coordination of activities
• Provide feedback on security requirements during planning cycles
• Assist Security Assurance and project teams in securityrequirements' funding estimates for CAPEX/Projects
• Collaborate with and support Third Party Security Risk Management team on assessments, issues, escalations and remediation
• Be the security coach for sector DevSecOps teams

Qualifications

• 8-12 years of related IT Security technical and business interfacing work experience
• Experience with security architecture, application risk analysis, vulnerability management, data classification, CIS Top20 Critical Controls
• CISM, CISSP, GIAC certifications preferred
• Well versed in NIST Cybersecurity Framework
• Well versed in Agile development methodology and DevSecOps framework
• Bachelor’s degree required
• Written/spoken English proficiency required
• Strong interpersonal and oral communication skills
• Ability to translate highly technical information into plain language
• High level of analytical and problem-solving abilities
• Highly self-motivated and directed
• Strong organizational skills
• Excellent attention to detail
• Experience working in a team-oriented, collaborative environment
• Willing "can do" attitude
• Ability to manage multiple priorities and work across multiple organizations and teams