Overview Cybersecurity PCI Governance Lead would be responsible for ensuring Pepsi Co’s adherence to PCI standards by providing strategic guidance, oversight, and coordination across Cybersecurity and business teams. This role serves as the primary liaison with the PCI Governance Committee, driving compliance initiatives, managing risk alignment, and supporting program execution. Its scope includes maintaining PCI governance frameworks, supporting assessments and remediation, advising on policy updates, and promoting awareness and training to strengthen organizational compliance posture. Responsibilities Support CISO as part of PCI Program management activities (coordinates the PCI Governance Committee, maintains policies) Collect and aggregate PCI compliance information from all business units for centralized reporting Support Cybersecurity PCI Assessment team and business units regarding assessment and remediation activities Monitor PCI compliance remediation activities (participates in weekly team meetings with Cybersecurity PCI Assessment team and periodically with Business owners and supporting functions) Boost the PCI compliance awareness among Pepsi Co associates, e.g., by organizing targeted trainings Conduct on-going checks for the effectiveness of PCI DSS related controls among business units Act as custodian for PCI Program documentation Provides the necessary guidance to the business and program management to ensure Pepsi Co’s compliance with Payment Card Industry Works with the PCI Governance structure to proactively identify new solutions and changes to existing ones Will be required to obtain the PCI ISA (Internal Security Assessor) certification once on-boarded Qualifications 3-5 Years of PCI (or similar) Individual Contributor Assessment experience Detailed knowledge of PCI DSS 4.0 (and subsequent versions) requirements, interpretations and assessment approaches Maintains PCI ISA (Internal Security Assessor) certification through annual training and exam Strong understanding of a wide variety of technologies/architectures utilized by Pepsi Co and its external business partners to understand impacts/risks to Pepsi Co and support the organization’s business objectives Strong understanding of information security requirements in contracts between Pepsi Co and its global third parties handling credit cards to help Pepsi Co’s compliance against PCI DSS requirements Knowledge of a wide variety of credit card handling technologies/architectures utilized by third parties to understand information security impacts/risks to Pepsi Co and support the organization Proven track record of process improvement capabilities Excellent verbal and written communication skills Strong Analytical skills Ability to adapt and consistently apply on the job skills/knowledge obtained to a dynamic business environment Notice to Poland-based candidates: For the purpose of ensuring informed and transparent negotiations, those who advance to the interview stage will be provided with information regarding the initial level of renumeration for the position. During the interview, any questions will be addressed and additional information on the process provided. The ‘Internal Reporting Procedure’ for making reports of violations of the law and taking follow-up action in terms of the Law on Whistleblower Protection of June 14, 2024 is available at www.pepsicopoland.com under the Contact/Career tab.
Support CISO as part of PCI Program management activities (coordinates the PCI Governance Committee, maintains policies) Collect and aggregate PCI compliance information from all business units for centralized reporting Support Cybersecurity PCI Assessment team and business units regarding assessment and remediation activities Monitor PCI compliance remediation activities (participates in weekly team meetings with Cybersecurity PCI Assessment team and periodically with Business owners and supporting functions) Boost the PCI compliance awareness among Pepsi Co associates, e.g., by organizing targeted trainings Conduct on-going checks for the effectiveness of PCI DSS related controls among business units Act as custodian for PCI Program documentation Provides the necessary guidance to the business and program management to ensure Pepsi Co’s compliance with Payment Card Industry Works with the PCI Governance structure to proactively identify new solutions and changes to existing ones Will be required to obtain the PCI ISA (Internal Security Assessor) certification once on-boarded
3-5 Years of PCI (or similar) Individual Contributor Assessment experience Detailed knowledge of PCI DSS 4.0 (and subsequent versions) requirements, interpretations and assessment approaches Maintains PCI ISA (Internal Security Assessor) certification through annual training and exam Strong understanding of a wide variety of technologies/architectures utilized by Pepsi Co and its external business partners to understand impacts/risks to Pepsi Co and support the organization’s business objectives Strong understanding of information security requirements in contracts between Pepsi Co and its global third parties handling credit cards to help Pepsi Co’s compliance against PCI DSS requirements Knowledge of a wide variety of credit card handling technologies/architectures utilized by third parties to understand information security impacts/risks to Pepsi Co and support the organization Proven track record of process improvement capabilities Excellent verbal and written communication skills Strong Analytical skills Ability to adapt and consistently apply on the job skills/knowledge obtained to a dynamic business environment Notice to Poland-based candidates: For the purpose of ensuring informed and transparent negotiations, those who advance to the interview stage will be provided with information regarding the initial level of renumeration for the position. During the interview, any questions will be addressed and additional information on the process provided. The ‘Internal Reporting Procedure’ for making reports of violations of the law and taking follow-up action in terms of the Law on Whistleblower Protection of June 14, 2024 is available at www.pepsicopoland.com under the Contact/Career tab.