Attack Surface Management Director
PepsiCo in Plano, Texas, USA
Food & Beverages
Full-Time
The Attack Surface Management Director is responsible for the global identification and assessment of vulnerabilities, the scope and execution of security penetration tests, and the remediation of resulting vulnerabilities. Sets the global strategy and direction for attack surface reduction with the sole goal of reducing vulnerabilities and ensuring the protection of PepsiCo assets.
Responsibilities
- Provide leadership, direction, and strategy on all matters related to the identification and remediation of vulnerabilities for PepsiCo
- Set strategy for vulnerability assessment and configuration assessment tools
- Deliver multi-year roadmaps for the Attack Surface Management function
- Manage contracts with 3rd party vendors including SOWs, RFPs, and escalations
- Run day to day operations including vulnerability assessments and remediation efforts
- Lead and manage a team of subject matter experts, including staffing and day to day management
- Generate reports on assessment findings and summarize to facilitate remediation
- Conduct penetration tests and Red Team exercises, including management of the annual penetration testing by an independent 3rd party
- Define vulnerability, configuration, and coverage KPIs/metrics to demonstrate assessment coverage and remediation effectiveness
- Communicate security and compliance issues in an effective and appropriate manner
- Recommend appropriate containment and remediation strategies to mitigate risks and drive information systems to employ appropriate level of information security controls
- COVID-19 vaccination is a condition of employment for this role. Please note that all such company vaccine requirements provide the opportunity to request an approved accommodation or exemption under applicable law
Qualifications
- A bachelor’s degree in Computer Science, Cyber Security, or the equivalent
- 3-5+ years of experience in an information security vulnerability management role
- Bonus: Certification as an information systems security professional (e.g., GIAC, CISSP, CISM, CRISC, CIPP, CISA, GICSP)
- Experience with large scale and complex environments similar to PepsiCo
- Demonstrated ability to perform independent analysis of complex problems and distill relevant findings and root causes
- A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
- Applied knowledge and experience in cybersecurity, technology infrastructure, vulnerability management, application security, and security and controls
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and the associated impact on the organization
- An ability to effectively influence others to modify their opinions, plans, or behaviors
- Excellent interpersonal skills and strong verbal and written communication
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously
- Proactive attitude, seeking improvement opportunities that can positively impact the security posture and the business
Differentiating Competencies
- Ability to lead security initiatives that require partnership with other technology groups
- Strong project management skills with the ability to react to high-pressure, dynamically changing environments
- Excellent oral and written communication skills with the ability to communicate complex and technical issues to diverse audiences including executive management and leaders outside of the information technology organization
Key Relationships:
- Partners across IT (e.g., IT Operations, IT Engineering, Managed Service Providers, application development teams) to implement security solutions
- Partners with internal and external business partners, including third party/external development teams
EEO Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity