Job purpose

Be part of the Information Security Risk and Compliance team, to manage Information and Cyber Security risks through: effective identification, assessment, decisioning, mitigation treatment via control implementation, and active monitoring through measurement, reporting and assurance activities.  

This position works with stakeholders across all of CCEP, in all business units, countries, departments, BPT and the wider Information Security teams to ensure compliance to risk and controls design, defined by: regulation, local law, CCEP and the Coca-Cola Company. Working with stakeholders and control owners on driving performance, continuous improvement and maturity. Also owning some key security controls too; Security policy governance and lifecycle, executing an effective Security awareness and training programme to all CCEP employees, facilitating externally driven cyber self-assessment/attestation, and managing InfoSec internal and external audits from evidence submission through to finding remediation.

Main responsibilities:

• Subject Matter Expert for InfoSec Risk and Compliance related topics

• Delivery of the security training and awareness programme, including the execution of an all employee training curriculum, bespoke training creation, regular phishing tests, performance measurement and continuous improvement

• Provide consultancy and technical expertise on risk mitigation and control maturity activities

• Produce Management reporting on Information Security Risk and Control Performance Indicators

• Facilitate the Information Security Policy and Standards annual review cycles and policy exceptions and exemptions management

• Deliver Information Security risk assessments at the corporate and local levels. Including: assessment facilitation, report creation of risk decisioning, mitigation planning and action tracking, maintain all evidences and progress updates on the InfoSec risk register

• Perform periodic self-assessment of risk and controls, health checks, scoring, mitigation, and continuous improvement

• Work collaboratively with the independent assurance functions – Internal and External Auditors:

  • Support and facilitate audit evidence collection and secure storage

  • Provide tracking and management reporting of all Audit findings

• Manage InfoSec control compliance attestation, working with the control owners providing 2^nd Line of Defence oversight

• Build a strong network with key stakeholders such as: Enterprise Risk Management, Business Continuity & Resilience Team, Corporate Security, Finance Internal Controls Team, Internal Audit

Requirements:

• Bachelor’s degree in Computer Science, Management of Information Systems, Business, or related field

• 5+ years of IT experience with 2+ years of Information Security experience or similar

• English: proficiency (must)

• Qualification in Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar (desirable)

• Strong communication skills both verbal and written with demonstrated effective team working in a multi-cultural international environment

• Working collaboratively with Internal and External auditors

• Information Risk Management methodology and tools

• Implementing a Security control frameworks such as ISO 27001/2/5, NIST or similar

• Demonstrated track record of success in delivering projects/audits with budgetary constraints

• Process design and implementation skills, and mindset of continuous improvement to support the achievement of organisational goals and strategies

• Good analytical and planning skills combined with independent, goal- and process-oriented way of working

• Proven experience in navigating complex organizations with creative problem solving

• Experience in the consumer product market, beverage industry or logistics

• Knowledge of regulatory environments applicable to US publicly traded companies (SOX), Information Security and data privacy regulations and Credit Card Standards (PCI:DSS)

• Knowledge of Information Security Management Systems and Security Control Frameworks

Our employee value proposition:

• Competitive Rewards & Compensation plan

• Social Benefits & Corporate discounts

• Recognition programs

• Career & Talent progression growth opportunities

• Excellent Health & Wellbeing conditions

• Modern and comfortable working environment & tools

• Hybrid & Flexible working

• Social activities and events