Job description:
Overview
The Cybersecurity PCI Governance Lead is responsible for ensuring PepsiCo's adherence to PCI standards by providing strategic guidance, oversight, and coordination across Cybersecurity and business teams. This role serves as the primary liaison with the PCI Governance Committee, driving compliance initiatives, managing risk alignment, and supporting program execution. Its scope includes maintaining PCI governance frameworks, supporting assessments and remediation, advising on policy updates, and promoting awareness and training to strengthen organizational compliance posture.
Responsibilities
* Support CISO as part of PCI Program management activities (coordinates the PCI Governance Committee, maintains policies)
* Collect and aggregate PCI compliance information from all business units for centralized reporting
* Support Cybersecurity PCI Assessment team and business units regarding assessment and remediation activities
* Monitor PCI compliance remediation activities (participates in weekly team meetings with Cybersecurity PCI Assessment team and periodically with Business owners and supporting functions)
* Boost the PCI compliance awareness among PepsiCo associates, e.g., by organizing targeted trainings
* Conduct on-going checks for the effectiveness of PCI DSS related controls among business units
* Act as custodian for PCI Program documentation
* Provides the necessary guidance to the business and program management to ensure PepsiCo's compliance with Payment Card Industry
* Works with the PCI Governance structure to proactively identify new solutions and changes to existing ones
* Will be required to obtain the PCI ISA (Internal Security Assessor) certification once on-boarded
Qualifications
* 3-5 Years of PCI (or similar) Individual Contributor Assessment experience
* Detailed knowledge of PCI DSS 4.0 (and subsequent versions) requirements, interpretations and assessment approaches
* Maintains PCI ISA (Internal Security Assessor) certification through annual training and exam
* Strong understanding of a wide variety of technologies/architectures utilized by PepsiCo and its external business partners to understand impacts/risks to PepsiCo and support the organization's business objectives
* Strong understanding of information security requirements in contracts between PepsiCo and its global third parties handling credit cards to help PepsiCo's compliance against PCI DSS requirements
* Knowledge of a wide variety of credit card handling technologies/architectures utilized by third parties to understand information security impacts/risks to PepsiCo and support the organization
* Proven track record of process improvement capabilities
* Excellent verbal and written communication skills
* Strong Analytical skills
* Ability to adapt and consistently apply on the job skills/knowledge obtained to a dynamic business environment
Notice to Poland-based candidates: For the purpose of ensuring informed and transparent negotiations, those who advance to the interview stage will be provided with information regarding the initial level of remuneration for the position. During the interview, any questions will be addressed and additional information on the process provided.
The 'Internal Reporting Procedure' for making reports of violations of the law and taking follow-up action in terms of the Law on Whistleblower Protection of June 14, 2024 is available at www.pepsicopoland.com under the Contact/Career tab.
| Source: | Company website |
| Published: | 21 Jan 2026 (verified 09 Feb 2026) |
| Employment type: | Job |
| Sector: | Agri-food |
| Languages: | English |