Full Job Description
The Portfolio Cyber Security Manager (PCSM) is a key member of both the Reyes Coca-Cola Division’s (RCCD) IT Business Technology team and the Reyes Holdings (RH) Security team. This role plays a critical part in leading and providing security expertise that drives the company’s security standards and policies to enhance the cyber safety of the RCCD business portfolio’s solutions and applications.
The PCSM coordinates and oversees the RCCD IT team's cyber security activities as well as implements and manages the security posture in compliance with agreed RH security frameworks. This role works with the RCCD IT Leadership team and the Technical Portfolio experts to align security priorities and plans with the key business digital objectives. The PCSM acts as the representative of the Reyes Holdings’ Chief Information Security Officer (CISO) during IT planning initiatives to ensure that security measures are incorporated into the strategic RCCD IT plans and all security delivery, compliance and risk objectives are achieved.
Position Responsibilities may include, but are not limited to:
Works with the Chief Information Officer (CIO) to implement a security program and security projects that address identified risks and business portfolio application security requirements.
Manages the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the RCCD IT team with a realistic overview of risks and threats in the company’s environment.
Works with the CIO to develop budget projections based on short- and long-term goals and objectives.
Provides regular security briefings including delivery status and risk level reports to the Leadership team.
Works with the RH IT team that manages technical security infrastructure (networking, servers or database management) and coordinates their security-related activities.
Monitors and reports on compliance with security policies, as well as enforces policies within the RCCD IT team.
Recommends and coordinates the implementation of technical controls to support and enforce defined security policies.
Proposes changes to existing security policies and procedures to ensure operating efficiency and regulatory compliance.
Assists RCCD IT team in understanding and responding to security audit failures reported by auditors.
Provides support and guidance for legal and regulatory compliance efforts, including audit support.
Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and follows policy and audit requirements.
Provides security communication, awareness and training for audiences within all levels of the company.
Works as a liaison with security and application vendors, legal and procurement to establish mutually acceptable security language within critical contracts and service-level agreements.
Assists outsourced vendors that provide cyber security functions for compliance with contracted service-level agreements.
Works with various stakeholders to identify cyber asset owners to classify data and systems as part of a control framework implementation.
Works with various stakeholders to manage privacy data subject access requests per applicable regulatory requirements.
Conducts privacy and technology risk assessments.
Serves as an active participant in the cyber security governance process.
Works with the CIO, RCCD IT team and the Leadership team to define security metrics and reporting strategies that effectively communicate successes and progress of the security program.
Represents the company on the Security Advisory Council.
Consults with RCCD IT team and RH Security team to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
Researches, evaluates, designs, tests, recommends or plans the implementation of new or updated cyber security hardware or software, and analyzes its impact on the existing environment; provides technical and managerial expertise for the administration of security tools.
Works with security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Provides Operational Business Portfolio support.
Coordinates, measures and reports on the technical aspects of security management.
Coordinates and alerts business team to any threat activity and potential vulnerabilities.
Manages security projects and provides expert guidance on security matters for IT projects.
Designs, coordinates and oversees security testing procedures to verify the security of systems, networks and applications, and manages the remediation of identified risks.
Works with RCCD IT team and the business to balance real-world risks with business drivers such as speed, agility, flexibility and performance.
Other projects or duties as assigned.
Required Skills and Experience:
High School Diploma or GED
Certified Information Systems Security Professional (CISSP) Certification
Five plus years of IT experience including a cyber security role
Two plus years of management/supervisory experience
Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations
Ability to build relationships and interact with all levels of the company
Excellent verbal and written communication skills
Ability to communicate effectively with the IT organization, project and application development teams
Ability to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting
Strong understanding of the business impact of security tools, technologies and policies
Strong leadership abilities
In-depth knowledge and understanding of cyber risk concepts and principles as a means of relating business needs to security controls
Excellent understanding of cyber security concepts, protocols, industry best practices and strategies
Experience working with legal, audit and compliance teams
Experience developing and maintaining policies, procedures, standards and guidelines
Experience with common cyber security management frameworks, such as International Standards Organization (ISO) 2700x, NIST Cybersecurity Framework (CSF), the IT Infrastructure Library (ITIL) and Control Objectives for Cyber and Related Technology (COBIT) frameworks
Knowledge of applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, California Consumer Privacy Act and other relevant privacy and breach reporting regulations
Strong project management skills including budgeting and resource allocation experience
Experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
Experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
Strong analytical and critical thinking skills
Knowledge of operating system internals and network protocols
Knowledge of the principles of cryptography and cryptanalysis
Experience in application technology security testing (white box, black box and code review)
Experience in system technology security testing (vulnerability scanning and penetration testing)
This job has up to 10% travel
This position must pass a post-offer background and drug test.
Preferred Skills and Experience:
Bachelor’s degree in Cyber Security
Eight plus years of IT experience including a cyber security role
Physical Demands and Work Environment:
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made. As an Equal Opportunity Employer, Reyes Holdings companies will recruit and select applicants for employment solely on the basis of their qualifications. Our Practices and Procedures, including those relating to wages, benefits, transfers, promotions, terminations and self-development opportunities, will be administered without regard to race, color, religion, sex, sexual orientation and gender identity, age, national origin, disability, or protected veteran status and all other classes protected by the Federal and State Government. Drug Free Employer.