The Director of Information Security at The Coca-Cola Company will be a part of the Global Information Risk Management (IRM) Leadership Team and will report to the CISO of the Company. In this role you will develop and drive initiatives to improve the global security posture of corporate systems, Company business units, CPS Operations, and the franchise bottlers. This task will require you to manage a team of four (4) IRM Regional Managers in each of the regions, deployed at their respective Regional Delivery Centers (RDCs) located in Sofia, Singapore, Mexico City, and Atlanta. Along with the IRM Leadership Team, you will develop the IRM strategy and roadmap to deliver measurable results through collaboration across GIT, IRM, and franchise bottler IT teams.
Additionally, this role will lead the enterprise Governance, Risk, & Compliance (GRC) practice. This task will require you to define and implement the GRC Roadmap, as approved by the IRM Leadership Team. Other responsibilities include managing the Corporate Risk Assessment Team, consisting of two (2) analysts, who are responsible for reviewing solutions and vendors to identify and mitigate risks associated with those solutions and vendors. You will also be required to collaborate with the Governance & Compliance Team, which is responsible for managing audit issues identified by the Corporate Audit Department (CAD). In addition, you will be required to collaborate with various corporate security functions, such as Information Assurance (IA), Global Internal Controls (GIC), and the Privacy Team.
The successful delivery of these responsibilities will ensure that the Company is equipped with the necessary programs, services, and solutions to securely achieve defined business goals.
Function Specific Activities:
Function Related Activities/Key Responsibilities
Provide leadership and guidance to the IRM Regional Managers in the support of franchise bottlers throughout the System.
Develop and maintain relationships with key security and IT executives at System bottlers.
Collaborate with franchise bottlers to understand and influence their business, IT, and security strategies.
Lead the cybersecurity subcommittee to deliver initiatives that improve the security posture of System bottlers.
Provide leadership and guidance to the IRM Regional Managers to support business units throughout the System.
Develop and maintain relationships with key IT and business leadership and stakeholders across global business units.
Collaborate with global business units to understand and influence their business, IT, and security strategies.
Provide guidance and support to communicate key IRM initiatives, as defined by the IRM Leadership Team, and facilitate alignment in global business units.
Facilitate IRM Regional Managers to organize local security summits in their regions, in conjunction with global security summits.
Enable IRM Regional Managers to perform key audit activities in their respective regions.
Promote company security requirements and guidelines to IT stakeholders in the global business units.
Provide leadership and guidance to various Corporate Security Functions.
Establish an enterprise GRC practice, based on a combined roadmap that addresses security activity throughout the company.
Lead and manage the Corporate Risk Assessment Team to identify and mitigate risk in corporate and cloud solutions and systems.
Collaborate with the Governance & Compliance Team to manage and track audit issues, per the annual CAD audit.
Collaborate and influence security activities in the CAD, IA, GIC, and Privacy functions.
Bachelor’s Degree in Appropriate Field Required. Relevant industry certification preferred – CISA, CRISC, CISSP and/or CISM.
Related Work Experience:
15-20 years of work experience in various IT security positions with increasing responsibility, in a complex multi-national environment.
5-10 years of people manager and/or cross-functional influencer experience is required. Experience should include managing staff of security professionals by participating in standard HR processes such as recruitment, retention, performance and compensation reviews, skills development, and succession planning.
Multidimensional background is required. Areas of expertise should include the following:
Technical experience identifying and mitigating risk using comprehensive security controls and technologies.
Audit and control experience with information technology audit practices, procedures and methodologies. Experience as an IT auditor or risk advisor for a professional services firm, or in industry.
Experience managing vendors in both a long-term, staff augmentation capacity and also short-term projects that are deliverable-based. Experience developing SOWs and managing cost associated with them accordingly.
Experience developing and running large-scale programs and projects (5000+ hours) with cross-functional teams, steering committees, and enterprise-level deliverables.
Technical knowledge of the security tool landscape, platforms, and capabilities available in the marketplace, and the ability to track the market for products relevant to TCCC.
Technical knowledge of security and risk models, including ISO 27000 series, NIST Cyber Security Framework, GRC, Privacy, PCI, Trust Models, etc.
Technical knowledge of cloud provider security architecture, including topics ranging from compliance, operations, encryption, and virtualization to cloud-based security solutions design and build.
Technical knowledge of Microsoft Windows/Active Directory, LDAP, Internet security, and network security technologies (TCP/IP, firewalls, Anti-Virus products, etc.).
Ability to communicate with and influence senior management and technical subject matter experts at varying levels of technical and business understanding.
Excellent communication and presentation skills, as well as ability to present to various levels of IT and business leadership.
DRIVE INNOVATION: Generate new or unique solutions and embrace new ideas that help sustain our business (encompassing everything from continuous improvement to new product and package innovation)
COLLABORATE WITH SYSTEM, CUSTOMERS, and OTHER STAKEHOLDERS: Develop and leverage relationships with stakeholders to appropriately stretch and impact the System (Company and Bottler)
ACT LIKE AN OWNER: Deliver results, creating value for our brands, our System, our customers and key stakeholders
INSPIRE OTHERS: Inspire people to deliver our mission and 2020 Vision, demonstrate passion for the business and give people a reason to believe anything is possible
DEVELOP SELF AND OTHERS: Develop self and support others’ development to achieve full potential
Growth Mindset: Demonstrates Curiosity. Welcomes failure as a learning opportunity.
Smart Risk: Makes bold decisions/recommendations
Externally Focused: Understands the upstream and downstream implications of his/her work. Tracks and shares external trends, best practices, or ideas.
Performance Driven & Accountable: Has high performance standards. Outperforms her/his peers.
Fast/Agile: Removes barriers to move faster. Experiments and adapts. Thrives under pressure and fast pace.
Empowered: Brings solutions instead of problems. Challenges the status quo. Has the courage to take an unpopular stance.
Manage or participate in cross-functional teams to promote technology strategies, analyze and test products, or perform pilot and first implementations of new technologies in order to integrate new technologies into the Company's Global infrastructure.
Develop or deliver standards-related training or architecture updates (e.g., hardware, methodology, software packages, business data, security, retention, delivery methods and tools) to stakeholders (e.g., stewards, custodians, SAP power users, application teams) in order to ensure standards compliance and quality master data.
Orchestrate the deployment of resources (e.g., people, infrastructure, financial, informational) from Coca-Cola (e.g., client, internal service providers) and third parties in order to ensure successful project completion.
Create a communications plan (e.g., memos, letters, plan review meetings, status lists) to ensure frequent, accurate and timely communication to all stakeholders and to solidify commitment to the project plan.
Prepare overall implementation plans, including a detailed schedule of all activities (e.g., data conversions, cutover activities, security assignments, training, testing) and the assignment of appropriate resources, in order to move the application into a production environment.
Bachelor's Degree or University: Risk Management (Required)
Years of Experience:
10+ Years Experience