
Third-Party Information Security Contracts Compliance Specialist

Plano, TX 75074
Auto req ID: 230499BR

Job Description

The Third-Party Information Security Contracts Compliance Specialist will be responsible for supporting the information security requirements in our contracts with third parties around the world. These requirements are included in contracts to minimize the risks to PepsiCo assets related to the use, processing, storage and transmission of information to and from those third parties engaged by PepsiCo globally while complying with privacy and regulatory requirements. As the Specialist, you will institutionalize/implement a full life cycle contract compliance and governance framework for third parties.

This function requires performing tasks such as:
- collaborating with procurement, business, and legal teams to review and negotiate information security requirements in third-party contracts;
- suggesting improvements to the contract language, the review process, and the change management process;
- partnering with business around the world to pursue inclusion of these clauses in their contracts;
- negotiating with third parties around the world to make them understand PepsiCo's need to include such clauses;
- developing and tracking performance metrics;
- reporting results to several levels of the organization and escalating as necessary;
- understanding PepsiCo's integration/connection with third parties;
- devising an approach to effectively trigger third-party information security risk assessments based on acquired knowledge of third parties;
- tracking third-party issues and remediation efforts; and
- discussing with third-party business sponsors around the world the importance of these clauses in contracts.

The key responsibilities for this position include:
- Review information security requirements in contracts between PepsiCo and all its third parties around the world as requested, to help better protect PepsiCo from cybersecurity risks while allowing the business to achieve its objectives
- Assist and collaborate with procurement, business, and legal teams around the world with the negotiation of information security requirements into third-party contracts (as requested and often where English is not the first language spoken) and pursue Information Security Exceptions as required
- Participate in contract negotiations with third parties to explain the need to include PepsiCo's information security requirements in contracts, allowing for a win-win partnership with third parties
- Develop reports, metrics, and corresponding tools to track the inclusion of the information security requirements in contracts around the world and drive changes to achieve PepsiCo's objectives
- Develop an executive presentation to provide updates to various levels of the organization, articulating actions taken to resolve issues including escalations
- Understand the technical and business arrangements between PepsiCo and third parties (and the services provided by the third parties) to be in a better position to negotiate acceptable red lines from third parties without jeopardizing PepsiCo's information security risk posture
- Implement (leveraging DevSecOps principles) the multiple processes involved in the inclusion of information security language in contracts into PepsiCo's Governance, Risk Management, and Compliance (GRC) system
- Develop effective processes to manage and track information security issues (and corresponding remediation) resulting from the contract negotiations, integrating them into the overall PepsiCo Third-Party Information Security Risk Management process

Qualifications/Requirements

Bachelor's Degree in IT or similar field of study

Experience:
- 7+ years of experience and knowledge of infrastructure technologies, network, computing, cloud services, mobile devices, DevSecOps principles, and threat modeling
- 3+ years of experience in Information Security Architecture, ICS/SCADA/PLC technologies, Enterprise Risk Management (ERM), and/or Information Security Risk Assessment role
- 3+ years of experience with regulatory compliance (GDPR, CCPA, etc.)
- 3+ years of experience in an IT Audit, Enterprise Risk Management (ERM), or Risk Assessment role
- 3+ years of experience with information security management frameworks (e.g., ISO 27000/27001, COBIT, NIST CSF, NIST 800, etc.)
- 3+ years of direct technical experience with one or more security-related regulatory or industry standards (HIPAA/HITECH, SOX, PCI-DSS, etc.)
- Strong understanding of information security frameworks (NIST, PCI-DSS, ISO), reference models (cyber kill chain, MITRE ATT&CK), and concepts (threat intelligence, incident response, cyber resiliency, cyber insurance, malware, cyber risk management, etc.)
- Expertise to drive information security requirements/clauses in third-party contracts, together with people skills to negotiate requirements with third-party representatives
- Experience in vendor management and/or contract negotiation roles
- Strong ability to review and understand information security contract language, and effectively communicate with multiple teams (such as procurement, legal, and business) to make decisions that will best protect PepsiCo in third-party contracts
- At least one of the following certifications is highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM)
- Advanced Microsoft Excel spreadsheet skills and basic knowledge of Tableau

Relocation Eligible: Not Eligible for Relocation
Job Type: Regular

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy. Please view our Pay Transparency Statement.

Location: United States - TX - Plano - 5600 Headquarters Dr - 75024-5838
Posted: 2021-06-10 Expires: 2021-07-11

Performance with Purpose


Outperforming ourselves is a rush. That's why we perform with purpose. Together, we blaze new trails, succeed, celebrate and then do something even bigger. We never settle for second best. At PepsiCo we're not just committed to performing well as individuals, but as a team, to strengthen the company as a whole.

Around the world, we're working hard to give people the tastes they crave and the nutrition they need. We dream globally and act locally, constantly innovating to sustain our planet, our people, our communities and our business practices. New markets mean new ways of doing business, and new ways of addressing health concerns, cultural differences and environmental challenges. Every day is an adventure, and an opportunity for personal and professional growth.
