Principal Sr. Manager - Security Transformation & Emerging Capabilities (ASM)
Pepsi
Overview
The Principal Cybersecurity Leader plays a critical role in building key security programs and driving innovation within PepsiCo's Attack Surface Management team. This leader will spearhead technical strategic initiatives in areas like container security, AI security, and API security, helping PepsiCo stay ahead of evolving threats. With a unique blend of deep technical expertise and visionary leadership, this role focuses on reducing risks in measurable ways and strengthening PepsiCo's resilience to cyber challenges. Operating at the forefront of cybersecurity, this position offers the chance to shape global operations and make a lasting impact on PepsiCo's security posture and overall success. The ideal candidate is a seasoned and innovative security leader who thrives on tackling complex challenges, delivering technical excellence, and driving meaningful change that protects and propels PepsiCo forward.

Responsibilities
- Develop and execute on technical security transformation strategy and roadmap for emerging capabilities.
- Oversee security functions responsible for evaluation and incubation of emerging security capabilities across AI, API, and container security.
- Establish and lead a team of developers, researchers, and engineers to drive rapid automation of security capabilities.
- Oversee the development, deployment and operationalization of effective decentralized security controls.
- Develop & execute security strategies for enterprise-wide risk reduction.
- Implement industry-standard frameworks & security controls tailored to organizational needs, balancing risk reduction and business enablement.
- Define and track key risk indicators (KRIs) and key performance indicators (KPIs) to measure risk reduction and program success.
- Influence and collaborate with cross-functional teams, ensuring seamless integration of security measures into business operations.
- Manage relationships with third parties, ensuring timely & effective delivery of security outcomes.
- Engage in threat modeling to anticipate potential attack vectors and proactively mitigate risks.

Accountabilities
- Deliver measurable risk reduction across the organization's attack surface.
- Provide actionable insights to senior leadership, translating technical security outcomes to business value.
- Ensure compliance with applicable regulatory frameworks while driving security innovation.
- Produce high-quality technical reports, risk assessments, and executive summaries.
- Oversee technical engagements with engineers, researchers, and developers to execute specific security projects and rapidly prototype new capabilities.
- Foster a culture of security awareness and collaboration across teams.
- Stay updated on emerging threats and vulnerability trends to continuously improve security posture.
- Establish a program for ongoing evaluation of emerging threats (e.g., AI-based attack vectors, containerization, advanced API threats).
- Drive strategic collaborations with external partners, including vendors, academic institutions, and security researchers.
- Act as a trusted advisor and thought leader within the organization's Cyber Fusion Center.

Compensation and Benefits:
- The expected compensation range for this position is between $118,700 - $198,800.
- Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process.
- Bonus based on performance and eligibility; target payout is 15% of annual salary, paid out annually.
- Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
- In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.

Qualifications
- 10+ years of experience in Technical Security roles across multiple domains.
- Proficiency in Cloud Security across major platforms (AWS, Azure), including cloud-native security tools.
- Experience with Container Security tools and best practices, including Docker and Kubernetes.
- Deep expertise in container orchestration security (e.g., Kubernetes, Helm, Istio) and DevSecOps pipelines.
- Advanced knowledge of API Security, including securing RESTful and GraphQL APIs.
- Comprehensive understanding of Vulnerability Management tools, workflows, & prioritization strategies.
- Expertise across Application Security, Infrastructure security, Data loss prevention, and AI/LLM/ML.
- Familiarity with modern zero-trust architectures and distributed identity systems.
- Knowledge of ServiceNow vulnerability response & configuration compliance modules.
- Experience leading developers & engineers to develop security products and drive security outcomes.
- Ability to conduct quantitative and qualitative risk analysis for informed decision-making.
- Knowledge of industry-standard frameworks and regulations, such as NIST, ISO 27001, and PCI-DSS.

Non-Technical Skills
- Strategic thinking, with the ability to align technical efforts with broader organizational objectives.
- Exceptional communication skills with ability to present technical concepts to non-technical audiences.
- Strong stakeholder management and collaboration skills across technical and business teams.
- Strong negotiation skills, especially for navigating trade-offs between risk and business innovation.
- Demonstrated ability to influence without authority, driving outcomes through expertise and rapport.
- Proven experience in leading cross-functional initiatives and working in matrixed organizations.
- Strong analytical and problem-solving skills, with attention to detail.
- Effective project management capabilities, ensuring timely delivery of complex programs.
- Proven capability to build and nurture diverse, high-performing teams.
- Ability to mentor and guide junior team members, fostering skill development and collaboration.
- Skilled in vendor and contractor management, ensuring alignment with organizational goals.
- Adaptability and resilience in a fast-paced, evolving threat landscape.

EEO Statement
Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity.

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy. Please view our Pay Transparency Statement.