Overview This unique opportunity is for a Third-Party Cybersecurity Requirements and Governance analyst. The analyst will be part of the Third-Party Security Risk Management Team within PepsiCo’s Cybersecurity Organization. The ideal candidate will support PepsiCo’s security agenda by ensuring cybersecurity clauses are appropriately incorporated and negotiated in third-party engagements, while driving critical cybersecurity deliverables from selected third parties. This dual role will work cross-functionally with internal teams, providing expertise and coordination in contract management. This role also supports critical functions across the PepsiCo Cybersecurity Organization by developing key deliverables, including, but not limited to, standard cybersecurity service level agreements and key performance indicators, third-party performance reporting, and dashboard insights based on analysis and analytics related to contractual obligations and requirements. Responsibilities Consult and guide internal teams in selecting and advising on appropriate cybersecurity clauses for third-party contracts. Collaborate and consult with third-party legal and cybersecurity teams to review and negotiate modifications or omissions of cybersecurity clauses. Follow up diligently with internal teams to ensure cybersecurity clauses are included in all relevant third-party contract engagements. Ensure that cybersecurity standards meet organizational and contractual compliance requirements. Ensure Information Security SLAs and KPIs for suppliers meet or exceed industry standards. Consult with the IT Vendor Relationship Management team, focusing on supplier performance measurement, the scope of security requirements, and other contractual language supporting the overall Information Security program. Ensure complete, accurate, and timely reporting of supplier analytics and insights to stakeholders within Information Security and broader IT around supplier performance Perform analysis, identify, and effectively communicate information security risks around supplier performance to leadership through key deliverables, both verbally and in writing. Develop information applying strong writing skills with consideration to clarity, grammar, spelling, consistency, presentation, and logical organization Establish and document best practices and processes for the security metrics program, specifically regarding supplier performance measurement. Qualifications Must be self-directed Experience with regulatory compliance (GDPR, NIS 2), including information security management frameworks (e.g., NIST CSF, ISO2700x, SOX, COBIT) Able to identify measures or indicators of data quality and the actions needed to improve or correct performance relative to the goals Strong communicator, in English, able to clearly articulate complex security concepts to leadership and stakeholders outside of Information Security verbally or in writing. Able to edit information to conform to style guidelines, express ideas clearly and succinctly, and communicate information visually Conversant in Microsoft tools like Excel, PowerPoint, and Power BI Bachelor’s degree in Cybersecurity, Information Technology, or a related field Preferred (but not mandatory): Master’s degree in business, statistics, information security, technology, or a related discipline. Preferred (but not mandatory): Advance certifications specific to role (such as CISA / CRISC / CISSP / CISM / etc.)