|Preferred GIAC Certifications||GSLC, GSTRT, GCPM|
|Salary||Depends on Experience|
|Contact Name||Apply on Careers Page|
The Senior Director of Regional Cybersecurity at The Coca-Cola Company will be a part of the Global Cybersecurity team. In this role the successful candidate will develop and drive initiatives to improve the global security posture of Company operating units (OUs), production plants, subsidiaries, and franchise bottlers and partners. The responsibilities of this role require the management of a team of four (4) Regional Information Security Leads (ISLs) and two (2) Regional Cyber Analysts, distributed across their respective Regional Delivery Centers (RDCs) located in Sofia, Singapore, Mexico City, and Atlanta. This role will lead the Regional Cyber Team to deliver services required to support and improve internal and external stakeholder engagement. The role will deliver this mission by understanding the Global Cybersecurity strategy and roadmap and executing it through collaboration across Technology Services, Global Cybersecurity internal functions, and System entities. Successful execution will ensure that the business is equipped with the necessary programs, services, and solutions to securely achieve their business goals. This role will report to the Global Chief Information Security Officer.
Function Related Activities/Key Responsibilities
Provide leadership and guidance to the Regional Cyber Team in the support of System entities.
Develop and maintain relationships with key security and IT executives at global bottlers and partners.
Collaborate with franchise bottlers and partners to understand and influence their business, IT, and security strategies.
Assist bottlers in your geography with the development of their cybersecurity roadmap and the overall improvement in their cyber security program.
Participate as an active member of the cybersecurity subcommittee in support of delivering cybersecurity initiatives for the improvement of bottlers across the System.
Drive participation of global bottlers and partners in the online community of practice to facilitate coordination of global activities across the System.
Drive bottler and partner participation in the global self-assessment measuring capability across various cybersecurity and infrastructure resilience controls.
Lead the Regional Cyber Team to assist bottlers and partners with action plan development, to facilitate the increase of their capability levels across the measured controls.
Work with the Global CISO to coordinate strategies and vendor partnerships to drive alignment across the system.
Provide leadership and guidance to the Regional Cyber Team to support global operations across the Company.
Develop and maintain relationships with key IT and business leadership and stakeholders.
Understand and support key business and IT strategies across the company Functions, Platform Services, and global OUs.
Understand and communicate key Global Cybersecurity activities across the Company, such as cybersecurity awareness, third party risk, and incident response.
Serve as an extension of the Global Cybersecurity team and work with the Regional Cyber Team to coordinate similar activities to bridge time zones.
Coordination the direction of local security summits in the regions, in conjunction with global security summits that are organized by the Global Cybersecurity team.
Promote company security requirements and guidelines to IT stakeholders and ensure they have the knowledge to apply them appropriately.
Understand and support the delivery of key applications and programs within the regions.
Work with the Cyber Defense team and strategic partners to assist in incidence response across the System.
Provide leadership and guidance to various Corporate Security and Risk Functions
Develop and maintain relationships with key IT and business leadership and stakeholders across the enterprise, such as Legal, Enterprise Risk, Corporate Audit Department, and the Strategic Security Department.
Understand and support key business and IT strategies across the enterprise and facilitate alignment across OUs.
Facilitate collaboration of leadership and subject matter experts across the enterprise and global OUs.
Work with corporate and regional Privacy teams to facilitate the application of Privacy regulation across supported systems and solutions.
Bachelor’s Degree in Appropriate Field Required.
Relevant industry certification preferred – CISA, CRISC, CISSP and/or CISM.
Related Work Experience:
15-20 years of work experience in various IT security positions with increasing responsibly, in a complex multi-national environment.
5-10 years of people manager and/or cross-functional influencer experience is required. Experience should include managing staff of security professionals by participating in standard HR processes such as recruitment, retention, performance and compensation reviews, skills development, and succession planning.
Multidimensional background is required. Areas of expertise should include the following:
Technical experience designing, implementing, and/or supporting enterprise technology solutions.
Technical experience identifying and mitigating risk using comprehensive security controls and technologies.
Audit and control experience with information technology audit practices, procedures, and methodologies. Experience as an IT auditor or risk advisor for a professional services firm, or in industry.
Experience managing vendors in both a long-term, staff augmentation capacity and also short-term projects that are deliverable based. Experience developing SOWs and managing cost associated with them accordingly.
Experience developing and running large-scale programs and projects (5000+ hours) with cross-functional teams, steering committees, and enterprise-level deliverables.
Technical knowledge of the security tool landscape, platforms, and capabilities available in the marketplace, and must track the market for products relevant to the Company.
Technical knowledge of security and risk models, including ISO 27000 series, NIST Cyber Security Framework, GRC, Privacy, PCI, Trust Models, etc.
Technical knowledge of cloud provider security architecture, including topics ranging from, compliance, operations, encryption, virtualization, and cloud-based security solutions design and build.
Technical knowledge of Microsoft Windows/Active Directory, LDAP, Internet security, and network security technologies (TCP/IP, firewalls, Anti-Virus products, etc.).
Ability to communicate with and influence senior management and technical subject matter experts at varying levels of technical and business understanding.
Excellent communication and presentation skills, as well as ability to present to various levels of IT and business leadership.
DRIVE INNOVATION: Generate new or unique solutions and embrace new ideas that help sustain our business (encompassing everything from continuous improvement to new product and package innovation)
COLLABORATE WITH SYSTEM, CUSTOMERS, and OTHER STAKEHOLDERS: Develop and leverage relationships with stakeholders to appropriately stretch and impact the System (Company and Bottler)
ACT LIKE AN OWNER: Deliver results, creating value for our brands, our System, our customers and key stakeholders
INSPIRE OTHERS: Inspire people to deliver our mission and 2020 Vision, demonstrate passion for the business and give people a reason to believe anything is possible
DEVELOP SELF AND OTHERS: Develop self and support others’ development to achieve full potential
Growth Mindset: Demonstrates Curiosity. Welcomes failure as a learning opportunity.
Smart Risk: Makes bold decisions/recommendations
Externally Focused: Understands the upstream and downstream implications of his/her work. Tracks and shares external trends, best practices, or ideas.
Performance Driven & Accountable: Has high performance standards. Outperforms her/his peers.
Fast/Agile: Removes barriers to move faster. Experiments and adapts. Thrives under pressure and fast pace.
Empowered: Brings solutions instead of problems. Challenges the status quo. Has the courage to take an unpopular stance.
Manage or participate in cross-functional teams to promote technology strategies, analyze and test products, or perform pilot and first implementations of new technologies in order to integrate new technologies into the Company's Global infrastructure.
Develop or deliver standards-related training or architecture updates (e.g., hardware, methodology, software packages, business data, security, retention, delivery methods and tools) to stakeholders (e.g., stewards, custodians, SAP power users, application teams) in order to ensure standards compliance and quality master data.
Orchestrate the deployment of resources (e.g., people, infrastructure, financial, informational) from Coca-Cola (e.g., client, internal service providers) and third parties in order to ensure successful project completion.
Create a communications plan (e.g., memos, letters, plan review meetings, status lists) to ensure frequent, accurate and timely communication to all stakeholders and to solidify commitment to the project plan.
Prepare overall implementation plans, including a detailed schedule of all activities (e.g., data conversions, cutover activities, security assignments, training, testing) and the assignment of appropriate resources, in order to move the application into a production environment.
Our Purpose and Growth Culture:
We are taking deliberate action to nurture an inclusive culture that is grounded in our company purpose, to refresh the world and make a difference. We act with a growth mindset, take an expansive approach to what’s possible and believe in continuous learning to improve our business and ourselves. We focus on four key behaviors – curious, empowered, inclusive and agile – and value how we work as much as what we achieve. We believe that our culture is one of the reasons our company continues to thrive after 130+ years. Visit Our Purpose and Vision to learn more about these behaviors and how you can bring them to life in your next role at Coca-Cola.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class. When we collect your personal information as part of a job application or offer of employment, we do so in accordance with industry standards and best practices and in compliance with applicable privacy laws.