5.0 - 12.0 years
9 - 10 Lacs
Udupi, Karnataka, India
On-site
Key Responsibilities
1. Compliance Assessment: Assess the organisation's compliance with the certification standards (ISO, VISA, Rupay, Intergraf, CQM, ISMS, etc.). Evaluate processes, procedures, practices, and documentation to determine if they meet the standards' requirements. Identify any nonconformities or areas of improvement/gaps and guide the business to align to the standards.
2. Risk Analysis: Conduct risk analysis and identify business/process risks; introduce control measures and a risk mitigation plan. Review the effectiveness and efficiency of the internal control system and implement corrective action.
3. Internal Audit: Develop, monitor, and maintain the internal auditing process in line with the business. Prepare the internal audit plan and conduct audits at a defined frequency. Raise observations and guide the business to put control systems in place. Conduct surprise audits and prepare audit analysis reports for various departments to ensure the standards are strictly followed.
4. Advisory Role: Review the organisational policies against the certification standards and identify the gaps. Provide valuable advice in framing policies, procedures, norms, and control systems.
5. External Audit: Coordinate with certification agencies, keep up to date with the latest changes in the certification standards, advise the business about the changes, and train the respective stakeholders to incorporate the changes. Arrange for external audits, supervise the audit, and help the business in closing the nonconformities and observations, if any. Also responsible for new certifications.
6. Training: Provide continuous training for the internal auditors and develop them. Train the respective process owners whenever there is a change in the certification standards, a deviation in the implementation of standards, or a new certification standard and its documentation requirements.

Skills Required
1. Excellent attention to detail
2. Analytical thinking
3. Communication skills
4. Ability to train and develop
5. Team management

Technical/Functional Proficiency Required
1. Expertise in ISO and other standards
2. Computer proficiency
3. Drafting reports
Posted 23 hours ago
8.0 - 13.0 years
10 - 15 Lacs
Hyderabad
Work from Office
Overview
The Information Security Assessment Lead is responsible for safeguarding PepsiCo's digital assets by assessing the cyber risk and compliance of new and changing systems against information security requirements and managing risks associated with IT and Information Security systems throughout the project lifecycle. The ISA Lead will collaborate with various security teams and businesses to facilitate compliance with Information Security standards, provide technical guidance for key strategic initiatives, and drive the secure delivery of technology solutions within PepsiCo. The role heavily focuses on security risk-based assessments, data-driven decision-making, and automation.

Responsibilities
Security Design Expertise: Proven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes. Must demonstrate experience in aligning these designs with industry standards such as NIST 800-53, ISO 27002, CIS, and OWASP to ensure robust security postures. Skilled at identifying potential security gaps and implementing best practices to fortify system architectures against emerging threats. Familiarity with the latest security tools and technologies, as well as experience in integrating security measures into complex IT environments, is essential.
Compliance Assessment: Assess new and changing application designs and requirements to ensure compliance with PepsiCo information security standards.
Risk Communication: Identify, quantify, and communicate technology risks impacting the business, recommending resolutions and identifying root causes. Explain scan results (infrastructure, applications, databases) and pen testing results to stakeholders.
Threat Modeling: Utilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture.
Project Lifecycle Reviews: Review IT and Information Security systems throughout the project lifecycle, identifying risks and security requirements, and recommending paths to eliminate identified risks and implement compensating controls.
Automated Risk Assessments: Conduct risk-based assessments using automated tools and techniques to prioritize and address security risks.
Collaboration and Education: Collaborate with various IT and Business teams to ensure they are knowledgeable about Information Security processes and requirements, influencing them to eliminate or reduce risks.
ServiceNow Utilization: Experience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness.
Metrics Management and Reporting: Manage operational metrics related to the ISA and GRC processes, utilizing Power BI for advanced reporting, tracking project progress, and developing corrective action plans.
Process Improvement and Proactive Security: Govern Information Security services from the ISA, tracking process metrics, identifying issues, and driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process.

Qualifications
A minimum of 8 years of experience in Information Security, IT Risk Management, or a similar role.

Mandatory Technical Skills:
In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security.
Strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002.
Proficient in ServiceNow, with the ability to leverage its modules for information gathering, data analysis, and automation of the ISA service.
Experience in threat modeling and applying threat modeling methodologies in previous roles.
Proficient in Power BI for developing reports and dashboards to support data-driven decision-making.
Strong skills in developing ad hoc reports and managing metrics.
Knowledge of Azure and general cloud security principles.
Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation.

Mandatory Non-Technical Skills:
Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards.
Established a reputation as a trusted adviser, providing expert guidance on information security matters.
Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners.
Ability to collaborate with various stakeholders, including business units and product managers.
Posted 2 weeks ago
3 - 8 years
5 - 14 Lacs
Pune
Work from Office
Position: Infosec Analyst Audit & Compliance
Experience: 3 to 10 years
Location: Pune

Key Responsibility Areas (KRA):
Regulatory Compliance & Governance: Ensure adherence to ISO 27001, NIST, SOC 2, GDPR, HIPAA, and enforce security policies.
Audit & Risk Management: Lead internal/external audits, manage compliance assessments, and drive risk mitigation.
Incident Response & Compliance Monitoring: Work with Security Operations to monitor incidents, ensure compliance, and support investigations.
Security Awareness & Training: Develop and implement training programs to strengthen cybersecurity culture.
Vendor & Third-Party Security: Assess vendor security risks, ensure contract compliance, and enforce security standards.
Business Continuity & Disaster Recovery (BCDR): Support security-related aspects of BCDR, ensuring compliance with recovery objectives.
Critical Coordination & Availability: Be available during US business hours for audits, compliance discussions, and security escalations.

Roles & Responsibilities:
Lead security audits, compliance initiatives, and regulatory assessments.
Maintain security policies, documentation, and reporting for compliance readiness.
Serve as the primary contact for auditors, legal teams, and regulatory bodies.
Oversee remediation efforts for vulnerabilities and drive timely risk mitigation.
Monitor security controls, drive continuous improvement, and align compliance with business objectives.
Support security incidents and investigations related to compliance risks.
Ensure availability for critical discussions, escalations, and audits during US hours.
Posted 3 months ago