Job Description
Overview
The Standards Exception Associate Specialist is an additional role within the Information Security Policy and Exception team. The Standards Exception team reviews, facilitates, monitors and escalates Standards Exceptions to ensure any non-compliance with Standards has the appropriate risk documented and accepted. In addition, this position will follow up on exceptions post approval to ensure remediation plans are carried out and renewal requests are submitted as required.

Responsibilities
Facilitate Security Standard Exceptions:
o Expert in PepsiCo Information Security Policy and Standards, with an understanding of deviations from the standards.
o Review exception requests and work with the requestor on required updates.
o Gain alignment with all teams required to determine risk and overall impact to the organization (i.e. Security Engineering, Attach Service Management, Third-Party Assessments).
o Determine the risk level of each exception by assessing inability to comply, risk introduced, mitigations to be put in place and remediation plans.
o Provide a recommendation and explain the exception and risk to the Director and/or Sr. Director for final review and approval.
o Provide recommendations for remediation of noncompliance.
o Follow up on approved exceptions to ensure remediation plans are in progress and on track.
o Follow up on expiring exceptions to ensure the risk has been remediated or a new request is submitted.
Standards:
o Identify and recommend Security Standards that need to be altered or documented.
o Develop/maintain metrics on exceptions to allow aggregated risk to be measured.
o Identify exception patterns by analyzing historical exceptions and recommend adjustments to standards as needed to create efficiencies within the process.
Ability to influence and inform requestors and risk acceptors (up to the VP level) on the impact of the exception request on the organizational security posture.
Qualifications
o Bachelor’s degree in Cyber Security, Computer Information Systems, Computer Science, or other STEM equivalent required.
o CISSP or CISM certification a plus
o Strong communication skills and ability to interact effectively with IT teams throughout the world
o Experience working in a global environment
o Organized and detail-oriented
o Self-starter who demonstrates leadership skills and takes initiative
o Ability to manage multiple priorities and work across multiple organizations, sectors and teams