Overview
The BISO Infosec Lead for Supply Chain and Commercial and Consumer Function will serve as the primary Information Security (Infosec) Lead for PepsiCo's Supply Chain (Africa, Middle East, South Asia, International Beverage) and Consumer & Commercial (EMEA) functions. The role provides trusted, business-aligned security advisory and execution across the region to manage cyber risk, enable secure solution delivery (projects, IoT/Beyond the Bottle, blockchain), drive vulnerability and third-party risk remediation, and embed security into processes and product lifecycles to protect data, operations, brand and stakeholder trust.
Responsibilities
Individual Responsibilities
- Lead security intake for Supply Chain & Consumer/Commercial workstreams in scope; ensure timely assessment, prioritization and routing of information security requests and issues.
- Act as the regional escalation point to the Sector BISO and Global Information Security for gaps, risk exposures and remediation plans; track closure and report status.
- Provide security advisory across project lifecycles (planning, deployment, operations), including ISA onboarding, secure design reviews and security requirement definition.
- Drive vulnerability management and remediation coordination with owners and Deployment Leads; validate mitigations and report risk reduction.
- Support Application Risk Assessments, legacy remediation and DevSecOps coaching for Supply Chain engineering teams.
- Manage third-party security interactions: assessments, remediation tracking and collaboration with TPRM and blockchain provenance teams.
- Support Incident Response and Enterprise Incident Management locally; coordinate stakeholders, containment and post-incident remediation.
- Own stakeholder engagement and awareness: design and deliver security content, training and governance briefings to gain business buy-in.
- Contribute to M&A/JV due diligence and onboarding for security posture, particularly for bottlers, suppliers and technology integrations.
- Ensure security considerations for data residency/GCC processing and for Beyond the Bottle device lifecycles are addressed.
Role activity balance (approximate)
- Operational & Executional: 50% (work intake, remediation coordination, incident support, TPRM execution)
- Tactical: 35% (project advisory, stakeholder engagement, process improvements, training)
- Strategic: 15% (policy alignment, capability uplift, regional security roadmaps and M&A enablement)
Decision making autonomy
- Medium: empowered to make technical and process decisions within agreed policy limits, escalating higher-risk items or policy exceptions to the Sector BISO.
Supervision required
- Low to Medium: operates independently day to day; receives directional guidance and policy/strategy from the Sector BISO and Global Security leads.
Role complexity
- High: cross-domain technical breadth (application security, infrastructure security, IoT, blockchain, cloud, identity), regulatory complexity (cross-border data, GCCs), a multi-jurisdiction stakeholder landscape, and a combined process and system risk focus.
Cross functional interactions
- High: frequent collaboration with Supply Chain ops, Deployment Leads, Data Science/Analytics, IT/Cloud, Legal & Privacy, Procurement/TPRM, Compliance, HR (insider/process controls), Finance (CAPEX/Project funding), Commercial and Marketing for product/program enablement.
Success measures / KPIs (examples)
- % of remediation actions closed within SLA; reduction in open critical vulnerabilities across scope; % of key partners with an acceptable security posture; reduction in risk in new engagements (secure from the start)
Shared Accountabilities
Co-manage security intake and prioritization with Deployment Leads and Project Managers (shared ownership for timely delivery of secure solutions).
Collaborate with Sector BISO on regional risk escalations, exception decisions and remediation prioritization (shared accountability for risk acceptance/mitigation).
Jointly own third-party remediation and contract security requirements with TPRM and Procurement (shared execution and follow-up).
Support Incident Response with Global IR while local Ops and business leaders share containment, communications and remediation responsibilities (shared incident management).
Partner with Data & Analytics leads on AI/model governance and with Legal/Privacy on cross-border data transfer decisions (shared governance and control implementation).
Coordinate with Security Architecture and Solutions teams for design approvals and with Finance for project CAPEX/security funding estimates (shared planning and funding accountability).
Qualifications
Yrs of Experience
9-12 years of experience as a BISO, IT Security Architect/Engineer or in a similar role
Mandatory Technical Skills
- Experience with security architecture, application risk analysis, vulnerability management, data classification and the CIS Top 20 Critical Controls
- CISM, CISSP, GIAC certifications preferred
- Well versed in NIST Cybersecurity Framework
- Well versed in Agile development methodology and the DevSecOps framework
Mandatory Non-Technical Skills
- Bachelor's degree required
- Written/spoken English proficiency required
- Strong interpersonal and oral communication skills
- Ability to translate highly technical information into plain language
- High level of analytical and problem-solving abilities
Differentiating Competencies
- Highly self-motivated and directed.
- Strong organizational skills.
- Excellent attention to detail.
- Experience working in a team-oriented, collaborative environment.
- Willing, can-do attitude
- Ability to manage multiple priorities and work across multiple organizations and teams