Manufacturing Cyber Security Risk/Compliance Senior Specialist
Job Title: Manufacturing Cyber Security Risk/Compliance Senior Specialist
Location: Plano, TX
Category: IT and Internet
Will consider applicants in the following locations: Plano, Chicago, Purchase (NY), and Winston-Salem, North Carolina
Our Information Security Group at PepsiCo is looking for cyber security professionals to join our very exciting journey to assess the cyber security risks at PepsiCo's manufacturing plants. The Manufacturing Cyber Security Risk and Compliance Senior Specialist will be responsible for assessing information (cyber) security to determine functional and technical risks related to the use, processing, storage and transmission of information to and from PepsiCo's manufacturing and distribution plants globally.
The key responsibilities of the role are as follows:
- Conduct information security risk and vulnerability assessments (functional/technical) of PepsiCo's manufacturing and distribution plants to identify vulnerabilities, risks, and protection needs in order to generate a risk rating and potential functional and technical mitigations.
- Apply technical expertise to drill deep down into a wide variety of OT technologies/architectures utilized within the manufacturing and distribution plants. This includes SCADA (Supervisory Control and Data Acquisition) systems and other ICS (Industrial Control Systems) to understand impacts/risks to PepsiCo.
- Determine information security requirements/leading practices for new technical/functional areas of assessments.
- Contribute to the development of information security standards and policies applicable to our manufacturing and distribution plants that meet the business requirements while ensuring compliance with PepsiCo guidelines and industry leading practices.
- Present findings (functional/technical) to various stakeholders and levels throughout the organization.
- Partner with Plant Engineering, OT, and IT organizations to suggest/recommend potential mitigation solutions for risk areas.
- Strong verbal and written communication skills that positively impact relationships with key personnel from manufacturing and distribution plants.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Effective ability to identify and assess the severity and potential impact of risks, and communicate risk assessment findings to risk owners outside Information Security. Communication should consistently drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the functional and technical skills and competencies necessary to be highly effective in the role.
These skills and competencies include:
- Bachelor's degree, master's degree preferable (in a technical area).
- Understanding of tools and technologies used for Industrial Control Systems and enterprise security.
- Familiarity with the critical tools used in security event analysis, incident response, computer forensics, malware analysis, penetration testing, and other areas of security operations.
- Fundamental knowledge of common security industry standards and frameworks such as ISO 27001/27002, NIST (SP-800-53 or SP-800-82), COBIT, HIPAA / HITECH, FISMA, FIPS, or NERC, especially as they relate to the following:
- Building an Information Security Management System and/or Program.
- Managing internal controls, risk assessments, business process and internal IT / OT control testing or operational auditing.
- Proven ability and understanding of the components that comprise a successful Industrial Control Systems security program.
- 5+ years of experience in Cyber (Information) Security.
- 5+ years of experience in OT (Operations Technology) environments in manufacturing and distribution plants dealing with ICS (Industrial Control Systems) such as SCADA (Supervisory Control and Data Acquisition), DCS (Distributed Control Systems), and PCS (Process Control Systems).
- Knowledge of RTU (Remote Terminal Unit) and PLC (Programmable Logic Controller) systems.
- 5+ years of technical experience across various technologies and architectures including network switching and routing (TCP/IP, UDP, DNP3, Modbus, IEC 61850, OPC, OPC UA, PROFINET, etc.), firewall and gateway configurations, mobility and wireless knowledge including WiFi and Radio Frequency (RF) networks, Internet of Things, and network data/packet capture and analysis.
- Active professional information security certifications (e.g., CISSP, CRISC, GICSP, GIAC, CHE, OSCP).
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an equal opportunity employer: Minorities/Females/People with Disabilities/Protected Veterans/Sexual Orientation/Gender Identity.
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law (http://pep.jobs/eeo-poster) & EEO is the Law Supplement (http://pep.jobs/eeo-poster-supplement) documents by copying and pasting the appropriate URL in the address bar of your web browser.
To view our Pay Transparency Statement, please click here: Pay Transparency Statement
Job Ref: 108102BR
Performance with Purpose
Outperforming ourselves is a rush. That's why we perform with purpose. Together, we blaze new trails, succeed, celebrate and then do something even bigger. We never settle for second best. At PepsiCo we're not just committed to performing well as individuals, but as a team, to strengthen the company as a whole.
Around the world, we're working hard to give people the tastes they crave and the nutrition they need. We dream globally and act locally, constantly innovating to sustain our planet, our people, our communities and our business practices. New markets mean new ways of doing business, and new ways of addressing health concerns, cultural differences and environmental challenges. Every day is an adventure, and an opportunity for personal and professional growth.