Overview
The Supply Chain/Operational Technology - Cyber OT Lead - Sr. Manager, PFNA/PBNA/LATAM Sectors - position within the Information Security Group (ISG) OT Cyber function delivers Operational Technology security program relevance, assesses risk posture, and oversees security compliance and remediation for business units spanning a broad geography: all of the Americas from Canada to Argentina (more than half of PepsiCo's high-value manufacturing sites). The following are key role expectations:
This is a role requiring vision and strategy, executive presence, leadership influencing skills, and a detailed understanding of how to adapt and align a global foundational security program to a multi-sector security framework that includes a myriad of established, emerging, and frontier business markets. The role is multi-dimensional, requiring extensive security and business integration experience with proven capability in both technical skills and cultural awareness to identify, solve, monitor, and report key cybersecurity risk management components across the organization. The position will report to the US-based Global Cybersecurity Supply Chain/OT BISO (LG3) within PepsiCo's Cybersecurity function and have an initial 3 direct reports based in the US and Mexico (two hired in 2024 and one pending), with an expectation of expansion for additional compliance requirements.
Responsibilities
- Create a vision, strategy, and processes for a comprehensive and multi-national OT cyber resiliency operating model that comprehends the complexities of three Sectors, which include three of the top five revenue-generating Business Units within PepsiCo. The operating model will ensure security policy/standards compliance, cyber risk issues and exceptions management, security vulnerability mitigation, security awareness, and security oversight for work intake, projects, and data loss prevention initiatives.
- Establish leadership relevance for the PFNA, PBNA, and LATAM Sectors by ensuring visibility and alignment to the global cyber security program/framework and BISO's roles within PepsiCo and the information security industry. It's imperative that this role mirror scope and processes that complement the peer OT Cyber Lead role for other PepsiCo Sectors, yet maintain a fundamental understanding of the complexities, uniqueness, and utility of the Operational Technology deployed for relevant food, snack, and beverage plants within the in-scope Sectors.
- Own the relationship and partner with Sector Supply Chain Operational Technology Leads (L11 to LG3) to manage program and stakeholder expectations and prioritization of cybersecurity in projects, capabilities, and culture change initiatives. Additionally, drive investment in layers of defense beyond the SC/OT Cybersecurity scope to reduce residual risk.
- Define, coordinate, and implement projects and/or mechanisms that establish synergies among the various sector security manager teams to drive the global security program.
- Develop a framework that includes a support model for Regions and Business Units within the Sectors to ensure comprehensive security operational coverage for the business.
- Develop and execute a roadmap with initiatives and enhancements to complement the various Sector baseline and investment initiatives and business models, drive for security vulnerabilities mitigation, and grow security capabilities to remain current with the ever-expanding threat landscape.
- Drive Sector Supply Chain leadership engagement and actions with insights, analysis, and remediation of security breaches and identified vulnerabilities on a timely basis. In many cases this involves influencing prioritization of investments for long-term resilience.
- Create scorecards, metrics, and reporting capabilities to assess Sector, Region, and Business Unit security postures to support the SC/OT governance, risk, compliance, and sustain function and global information security group analytics and insights team with complete, accurate, and timely information.
- Ensure consistent application of the InfoSec Policy/Standards Issues and Exception process (new for PepsiCo Supply Chain Operational Technology) with risk assessments to provide remediation and exception duration guidance.
- Drive consistency and continuity in process and procedures with security Standards Exceptions for localization as required by regional laws and/or special circumstances.
- Manage forensic analysis, investigations, and requirements from the global security Incident Response team that include, among other functions, Audit/Legal/HR and Sector SC/OT Leadership.
- Collaborate with global security coordinators, Corporate Audit, and Corp/S&T/Sector Controllers function to ensure SOX and other key controls are established and maintained effectively within span of control.
- Assist in deployment of global security initiatives within the Sectors; serve as the last mile for assurance of deployment/execution excellence.
- Partner with Sector/BU/Function BISO roles to ensure consistency and effectiveness in global approaches, processes, and procedures for alignment with overall corporate cybersecurity strategy.
- Design, coordinate, and facilitate periodic Sector multi-day OT Cyber Workshops to provide supply chain leadership (LG1-LG5) with visibility to SC/OT cyber global program risk management actions and sector specific cyber benchmarking, maturity, metrics, and posture relative to their Supply Chain (SC) risk landscape.
Compensation and Benefits:
- The expected compensation range for this position is between $118,700 - $198,800.
- Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process.
- Bonus based on performance and eligibility; target payout is 15% of annual salary, paid out annually.
- Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.
Qualifications
- 15+ years of experience in the following: Cybersecurity, Operational Technology, multi-national projects/experiences, program governance, project management, CPG Business, demonstrated IT/Business collaboration and success, executive-level presentation/influence.
Technical Skills:
- Experience deploying, and/or being well-versed in, IT/OT Firewall and Hardening; IT/OT logical and physical segmentation; DMZs; SME level on network connectivity levels with various vendor solutions.
Non-Technical Skills:
- Executive Presence.
- Multi-national cultural sensitivity and adaptability.
- Excellent communication skills.
- Organized and detail oriented.
- Self-starter who demonstrates leadership skills and takes initiative.
- Willing/"can do" attitude to drive for results as team player.
- Ability to manage multiple priorities and work across multiple organizations, Regions, Sectors, and teams.
Other:
Certifications:
- CISA, CISM, CISSP, IEC/ISA-62443 are desirable.
- Experience in identifying best approach and options from multiple solutions involving ambiguity and conflicting priorities to enable security within the business.
- Operational Technology at manufacturing plants.
EEO Statement
Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity.
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy.
Please view our Pay Transparency Statement.