SAN NICOLAS DE LOS GARZA, Nuevo Leon, Mexico
6 days ago
Info Security Assoc Manager
Overview

We Are PepsiCo

Join PepsiCo and Dare for Better! We are the perfect place for curious people, thinkers and change agents. From leadership to front lines, we're excited about the future and working together to make the world a better place.

Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries. Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.

A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world.

Know more: PepsiCoJobs

Join PepsiCo, dare for better.

Responsibilities

The Opportunity

The Information Security Assessment (ISA) Lead – AI/ML Engineer is responsible for safeguarding PepsiCo’s digital assets by assessing the compliance of new and changing systems against information security requirements and driving the integration of AI-driven automation and agentic intelligence within the ISA program. This role bridges Cybersecurity, Risk Management, and AI engineering, enabling secure delivery of PepsiCo’s technology solutions through risk-based assessments, intelligent automation, and data-driven decision-making. The ISA Lead partners with Information Security, AI/ML, Architecture, and DevSecOps teams to modernize assessment processes, develop AI agents, and strengthen PepsiCo’s global security posture.

Your Impact

As Info Security Assoc Manager your scope would consist of:

Security Design Expertise: Proven experience in assessing security architectures, data flow diagrams, network topologies, and authentication/authorization mechanisms. Demonstrated ability to align these designs with NIST 800-53, ISO 27002, CIS, OWASP, and MITRE ATT&CK to ensure resilient architectures. Skilled in identifying and mitigating potential vulnerabilities, applying defense-in-depth strategies throughout hybrid cloud and on-prem environments.

AI & Automation Enablement: Develop and deploy AI-powered tools and conversational agents that enhance ISA workflows such as automated data collection, risk summarization, and control validation. Utilize OpenAI, Azure AI, ServiceNow agentic AI, Crew.ai, Copilot Studio, or LangChain to create intelligent assistants that augment human assessments and improve cycle time and accuracy.

Compliance Assessment: Evaluate new and evolving applications, cloud solutions, and IT systems for compliance with PepsiCo Information Security standards. Integrate AI-assisted analysis to streamline evidence gathering and risk classification.

Risk Communication: Identify, quantify, and communicate technology risks and vulnerabilities to both technical and business stakeholders. Explain scan, penetration test, and AI-analysis results in clear business language and recommend effective mitigation strategies.

Project Lifecycle Reviews: Review designs and controls across project phases to ensure security and privacy requirements are met. Recommend compensating controls and influence adoption of secure architectures within Agile and DevOps pipelines.

Threat Modeling: Apply advanced threat-modeling and MITRE ATT&CK methodologies to anticipate attack vectors, inform architecture reviews, and guide proactive risk mitigation strategies.

Data & Knowledge Engineering: Leverage vector databases (e.g., Azure Cognitive Search, Pinecone, Weaviate) and Retrieval-Augmented Generation (RAG) techniques to enhance risk knowledge retrieval, automate control mapping, and contextualize ISA findings.

Metrics Management & Reporting: Manage operational metrics for ISA and GRC programs using ServiceNow and Power BI dashboards to visualize throughput, SLA adherence, and residual risk trends. Drive data-driven improvements and transparency in assessment performance.

Collaboration & Education: Collaborate across Information Security, AI, IT, and business functions to ensure understanding and adherence to security standards. Champion the adoption of AI-driven solutions and Responsible AI practices within the security domain.

Continuous Improvement & Proactive Security: Govern ISA processes through continuous optimization and innovation. Stay current with emerging threats, AI ethics, and cloud security trends, embedding intelligence and automation into assessment and governance practices.

Qualifications

Who Are We Looking For?

Experience: A minimum of 5 years of experience in Information Security, IT Risk Management, Security Architecture, or AI/ML driven automation roles.

Mandatory Technical Skills:
Strong understanding of information security frameworks and standards (NIST 800-53, ISO 27002, CIS, OWASP, MITRE ATT&CK).
Experience with AI/ML tools and APIs such as OpenAI, Azure AI, Crew.ai, Copilot Studio, LangChain, or similar.
Proficient in Power BI for data visualization, KPI tracking, and executive reporting.
Foundational scripting or development experience (Python, JavaScript).
Familiarity with vector databases and RAG-based knowledge retrieval techniques.
Strong understanding of Azure, AWS, Salesforce, ServiceNow, or SAP security principles.
Ability to interpret and explain vulnerability and penetration testing results clearly to mixed audiences.

Mandatory Non-Technical Skills:
Proven ability to influence and educate stakeholders on cybersecurity and AI best practices.
Recognized as a trusted advisor capable of representing PepsiCo Information Security in multi-disciplinary technical discussions.
Strong communication and presentation skills across technical and business domains.
Demonstrated curiosity, innovation mindset, and adaptability to emerging AI technologies.
Ability to collaborate across diverse teams and manage multiple concurrent initiatives.

Preferred Competencies:
Industry certifications such as CISSP, CISM, CRISC, or AI-related credentials (Microsoft AI Fundamentals, Azure AI Engineer, AWS AI Practitioner).
Experience integrating AI agents or conversational systems with enterprise platforms.
Familiarity with Agile, DevSecOps, and MLOps methodologies.
Knowledge of global privacy and Responsible AI frameworks.
Excellent prioritization, problem-solving, and analytical skills.
Strong organizational ability to balance assessments, automation, and innovation initiatives.

What can you expect from us:
Opportunities to learn and develop every day through a wide range of programs.
Internal digital platforms that promote self-learning.
Development programs according to Leadership skills.
Specialized training according to the role.
Learning experiences with internal and external providers.
We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others.
Financial wellness programs that will help you reach your goals in all stages of life.
A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle.
And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others.

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We respect and value diversity as a work force and innovation for the organization.