Info Security Specialist

Cairo

Job Details

Overview


The main purpose of the role is to lead, manage, and own the activities
necessary to perform information security risk assessments on the third
parties with which PepsiCo enters a business relationship for services around
the world of varying levels of criticality and complexity. The third-party
information security risk assessor will act as a trusted liaison providing
guidance, counsel, direction, and support to Business Teams and other
stakeholders at various levels (including executive leadership) around the
globe to better manage PepsiCo risks by performing third-party information
security risk assessment activities. This role will also advocate awareness
and execution of other critical third-party related security assessment
activities such as ensuring contracts include the required Global Information
Security Requirements (GISR) and completion of Payment Card Industry Data
Security Standards (PCI-DSS) assessments. The third-party information security
risk assessor will drive various process improvement initiatives and efforts
to further enhance the TPSRM assessment process and other PepsiCo initiatives
globally.


Responsibilities
* Lead, manage, and own the activities necessary to perform information security risk assessments on the global third parties with which PepsiCo enters a business relationship for services of varying criticality and complexity. At the conclusion of the assessment process, this position will make a determination of whether the third party exposes PepsiCo to security risks or not, and make a decision on the remediation actions to pursue. Failure to do so properly can expose PepsiCo to significant risks.
* Act as a trusted liaison providing direction, guidance, and counsel to Business Teams and other stakeholders at various levels (including executives) around the globe in support of third-party information security risk assessment activities. This requires a great level of technical and client relationship expertise to properly provide accurate advice. Not doing so could lead Business Teams in the wrong direction and potentially prolong or severely impact the success of initiatives.
* Advocate and be an ambassador of other critical third-party related security assessment activities such as ensuring contracts include the required Global Information Security Requirements (GISR) and completion of Payment Card Industry Data Security Standards (PCI-DSS) assessments. The Assessor is commonly a critical link to identify when GISR and/or PCI actions are needed. Therefore, this role will have a material impact on educating Business Teams and providing direction to further those initiatives.
* Partner with stakeholders to drive various process improvement initiatives and efforts to further enhance the TPSRM assessment process (such as introduction of CyberGRX capabilities) and other PepsiCo initiatives. In this capacity the position will set the direction of key initiatives and their implementation with Business Teams around the globe. This role will work to obtain buy-in from Business Teams and then further their adherence through training and follow-up.
* Develop innovative mechanisms to allow critical documentation to be securely stored and readily available for analysis and reporting purposes. The data captured and archived is critical to ensure historical references, manage day-to-day third-party risks, review trends and work management initiatives, and provide evidence of adherence to regulatory, compliance, and policy requirements.


Qualifications


Mandatory Technical Skills:
* Strong third-party information (cyber) security risk assessment skills to evaluate functional and technical capabilities of third parties.
* In depth technical experience and knowledge of infrastructure technologies, network, web, computing, cloud services, manufacturing equipment, mobile devices, DevSecOps principles, threat modeling, and information (cyber) security, allowing this role to provide technical leadership and coaching to other members of the organization.
* Thorough understanding of Confidentiality, Integrity, and Availability controls, Privacy laws, as well as PCI-DSS compliance assessment (SAQ, ISA, QSA) principles.
* Comprehensive technical and functional understanding of various information security solutions, technologies, and industry-leading practices, allowing this role to provide recommendations, support key decisions, and contribute to industry forums.
* Technical and business expertise and savviness to drive information security requirements/ clauses in third-party contracts, together with people skills to negotiate requirements with third-party representatives.
* Strong understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business, allowing them to meet their strategic objectives.
* Bachelor's degree; master's degree preferable.
* 7-10 years of experience in third-party information security risk compliance and/or governance.
* 7-10 years of technical experience across various information security related areas including web technology, networking concepts, systems infrastructure, cloud services, manufacturing equipment, mobility, computer applications, and information security.
* Proficiency in Microsoft Excel, Word, and PowerPoint to develop ad hoc reports to convey results, influence executive leadership, manage expectations, and improve metrics.


Mandatory Non-Technical Skills:
* Independent thinker and strong self-motivator, with the ability to collaborate with virtual teams in other time zones and influence decision making.
* Strong verbal and written communication skills in English that positively impact relationships with key businesses' and third-parties' stakeholders, and proactively influence the actions taken by these stakeholders.
* Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part.
* Outstanding ability to work on several important tasks simultaneously.
* Strong decision-making capabilities, with a proven ability and common sense to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
* Robust ability to effectively influence others and lead peers and superiors to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication.
* Effective ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings in English to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.

Job Summary

  • Advertiser: PepsiCo
  • Posting date: 23/02/2023
  • Job type: -
  • Experience level: -
  • Education level: -
  • Work location: Cairo
  • Salary: -
  • Phone: -
