Cybersecurity GRC Assoc Principal

Overview The Cybersecurity GRC Associate Principal role will review, assess, and escalate Cybersecurity Standards Exceptions and risk to the PepsiCo environment. The role will work within the Cybersecurity scope for security standards and exception process and work with internal PepsiCo clients who are responsible for applications, vendors, infrastructure and site compliance to PepsiCo Cybersecurity standards. The role oversees the Exceptions to the standards ensuring consistent risk rating and governance to the Cybersecurity standards. The role will need to be familiar with the latest security tools and technologies and have experience with integrating security requirements into complex IT environments, and be able to identify and promote mitigations and remediation steps while conveying the risk to the PepsiCo environment. In addition, the role will work across the Cybersecurity teams and assist with reporting and analysis of overall risk. The roles will assist with ongoing metrics, support, maintenance, and documentation. ResponsibilitiesIdentify, quantify, and communicate technology risks impacting the business, recommending remediations and trends. Review IT and Information Security systems and recommend paths to eliminate identified risks and implement compensating controls. Conduct risk-based assessments and prioritize and address security risks. Utilize knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture. Collaborate with various IT and Business teams to ensure they are knowledgeable about Cybersecurity processes and requirements, influencing them to eliminate or reduce risks. Experience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness. Manage operational metrics related to the risk and exceptions processes, utilizing ServiceNow and Power BI for advanced reporting, tracking exceptions and risk trends, and developing corrective action plans. Govern cybersecurity risks and exceptions, tracking process metrics, while driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process. Also, provide inputs regarding the Cybersecurity standards while also having a strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002 Compensation and Benefits: The expected compensation range for this position is between $93,500 - $156,450. Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process. Bonus based on performance and eligibility target payout is 10% of annual salary paid out annually. Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement. In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan. QualificationsMandatory Technical Skills: In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and cybersecurity. Strong understanding of information security frameworks, regulations, and standards such as NIST CSF, NIST 800-53, CIS, and ISO 27002. Proficient in ServiceNow, with the ability to leverage its modules for information gathering, and data analysis Strong skills in developing ad hoc reports and managing metrics. Knowledge of general cloud security principles. Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation, a plus. Mandatory Non-Technical Skills: Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards. Establish a reputation as a trusted adviser, providing expert guidance on information security matters. Strong presence to represent PepsiCo Cybersecurity in complex situations with business and IT partners. Ability to collaborate with various stakeholders, including business units and product managers. Ability to quickly learn legal, cybersecurity, and privacy requirements in different regions of the world. Excellent prioritization capabilities, with an aptitude for breaking down complex work into manageable parts, effectively assessing the priority and time required to complete each part. Strong problem-solving and analytical capabilities. Education Bachelor's degree in Cybersecurity, Computer Information Systems, Computer Science, or other STEM equivalent A minimum of 5 years of experience in Information Security, IT Risk Management, Project Management or similar role Relevant certifications (CISSP, CISM, CRISC, or similar) are a plus. > Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity / Age If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy. Please view our Pay Transparency Statement

Created: 2026-03-04