• Validate SecOps agent investigations by thoroughly reviewing the incident attack story, associated alerts, involved entities, and correlated signals to ensure accuracy and completeness. • Ensure SecOps agents and automated workflows executed correctly without technical issues, verifying that investigations ran smoothly and results are reliable. • Confirm the accuracy of incident verdicts by identifying false positives, incomplete investigations, or incorrect threat classifications. • Perform deeper analysis when required, including URL detonation or sandboxing, file analysis, and reviewing customer inventory and context to ensure findings are accurate and relevant. • Validate and apply Incident Management (IM) tags correctly, and approve, modify, or reject automated findings before escalation or response.

• Use AI-enhanced SIEM, XDR, and threat intelligence platforms to continuously monitor security events across cloud and on-premises environments. • Analyze security alerts, logs, and threat data using AI-assisted tools to rapidly distinguish true positives from noise. • Proactively hunt for threats and anomalies using AI-informed behavioral analytics. • Lead and support security incident response activities; use AI tools to accelerate root cause analysis. • Conduct and support vulnerability assessments across cloud, application, and infrastructure environments; use AI tools to prioritize remediation efforts. • Support compliance activities across relevant frameworks (e.g., HIPAA, SOC 2, NIST); use AI tools to monitor for policy drift.

• Configure, troubleshoot, and maintain security infrastructure. • Respond to security alerts through investigation, documentation, and taking action as needed. • Provide audit support through evidence collection and implementing security controls. • Perform security assessments to support risk assessment and management activities. • Identify opportunities to improve security infrastructure and configurations. • Work cross-functionally with other teams on security initiatives.

Job Description Are You Ready to Make It Happen at Mondelēz International? Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours. As an individual contributor, the successful candidate will be proficient at managing risk assessments of both third parties and internal technologies. In addition, the candidate will be performing compliance activities related to technology assurance areas around access management, vulnerability management and configuration management. Candidate will also demonstrate ability and experience in governance related activities including administrative management of risk and control registers as well as policies and standards. How you will contribute Risk Management Responsibilities - Execute risk assessment testing supporting the Risk Manager. - Document risk assessment results. - Support Risk Manager in drafting risk assessment reports. - Perform administrative management of risk register (additions/editions/deletions, etc). - Document risk acceptance/exemptions that have been approved per the program. - Manage quarterly/annual review of risk acceptance/exceptions. - Manage risk assessment results in relevant dashboards. - Document Issues and Remediation activities for all exceptions noted during risk assessments. Compliance Responsibilities - Perform quarterly compliance assurance testing. - Document compliance testing results. - Maintain Management Action Plan (MAP) catalog with due dates. - Manage monthly audit MAPs. Includes the timely communication of open MAPs an escalation as needed of risks to completing MAPs at their agreed delivery dates. - Perform administrative activities in GRC Solution for compliance related activities. - Provide administrative support for ad-hoc external audits. - Provide administrative support for internal audits. - Support compliance program reporting activities. Requirements - 3 years in Information Security field, with at least 2 years working in GRC. - Experience with GRC tools (e.g., Archer). - Knowledge of security concepts and methodologies such as risk assessments, risk & controls, policies & standards, enterprise security strategies, network, and cloud security. - Knowledge of security frameworks such as CIS and NIST. - Excellent written and verbal communications skills, including presentational skills and able to clearly communicate issues to management and other key stakeholders. Business Unit Summary At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about. We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum. Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen-and happen fast. Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. Job Type Regular Information Security Technology & Digital