Manufacturing Cyber Security Risk and Compliance Manager

Our Information Security Group at PepsiCo is looking for cyber security professionals to join our very exciting journey to assess the cyber security risks at PepsiCo’s manufacturing plants. The Manufacturing Cyber Security Risk and Compliance Manager will be responsible for assessing information (cyber) security to determine functional and technical risks related to the use, processing, storage and transmission of information to and from PepsiCo’s manufacturing and distribution plants internally and with our global partners.

• Global position in a highly skilled, multinational team
• The opportunity to contribute to enterprise wide projects in an iconic, leading manufacturing company
• Learning and development possibilities
• Brand new office located downtown
• Private medical care and insurance
• Multisport card

• Conduct information security risk and vulnerability assessments (functional/technical) of PepsiCo’s manufacturing and distribution plants to identify vulnerabilities, risks, and protection needs in order to generate a risk rating and potential functional and technical mitigations.
• Apply technical expertise to drill deep down into a wide variety of OT (Operational Technologies) technologies/architectures utilized within the manufacturing and distribution plants. This includes SCADA (Supervisory Control and Data Acquisition) systems, manufacturing controls protocols (such as MODBUS) and other ICS (Industrial Control Systems) to understand impacts/risks to PepsiCo.
• Identify and implement information security requirements/leading practices for new technical/functional areas of industrial cybersecurity assessments.
• Contribute to the development of information security standards and policies applicable to our manufacturing and distribution plants that meet the business requirements while ensuring compliance with PepsiCo guidelines and industry leading practices.
• Present findings (functional/technical) to various stakeholders and levels throughout the organization.
• Partner with Plant Engineering, OT, and IT organizations to recommend potential mitigation solutions for risk areas.

• Bachelor’s degree, master’s degree preferable (in a technical area).
• Understanding of tools and technologies used for Industrial Control Systems and enterprise security.
• Proven ability and understanding of the components that comprise a successful Industrial Control Systems security program.
• Fundamental knowledge of common security industry standards and frameworks such as: ISO 27001/27002, NIST (SP-800-53 or SP-800-82), COBIT, HIPAA / HITECH, FISMA, FIPS, or NERC especially as it relates to the following:
• Developing an Information Security Management System and/or Program.

Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the functional and technical skills and competencies necessary to be highly-effective in the role. These skills and competencies include:

• In depth technical experience and knowledge of IT and OT infrastructure technologies, and information security.
• Assessment skills to evaluate functional and technical manufacturing plant environments.
• Strong verbal and written communication skills that positively impact relationships with key personnel from manufacturing and distribution plants.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Effective ability to identify and assess the severity and potential impact of risks, and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.