Cybersecurity Risk and Data Protection Manager

Our Purpose and Growth Culture:

We are taking deliberate action to nurture an inclusive culture that is grounded in our company purpose, to refresh the world and make a difference. We act with a growth mindset, take an expansive approach to what's possible and believe in continuous learning to improve our business and ourselves. We focus on four key behaviors - curious, empowered, inclusive and agile - and value how we work as much as what we achieve. We believe that our culture is one of the reasons our company continues to thrive after 130+ years. Visit Our Purpose and Vision to learn more about these behaviors and how you can bring them to life in your next role at Coca-Cola.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.

Requisition ID: 251843

Locations: Charlotte 

 

Click here to experience a Day in the Life of our Teammates!

 

Uncap Your Potential at America's Largest Coca-Cola Bottler - Pour Your Passion into Purpose!

We're more than beverages-we're building meaningful careers and vibrant communities. Join our team where your talent meets purpose, and every teammate directly shapes our success.

• Career Growth: Clear pathways to advance and develop your career
• Competitive Benefits: 401(k) match + health coverage + employee stock purchase plan
• Purpose-Driven: Create meaningful impact in the communities you serve
• Professional Development: Dedicated training + personalized mentorship

Join us - your refreshing new chapter starts here!

Job Overview

The Manager, Cybersecurity Risk Management - Data Protection is responsible for leading the identification, assessment, and management of cybersecurity risks that could impact the confidentiality, integrity, and availability of the company's data and critical business operations. This role serves as a key driver of the organization's cybersecurity risk management program, ensuring risks are understood, prioritized, and addressed in alignment with business objectives and risk tolerance.
 
This position partners closely with IT, Legal, Compliance, Internal Audit, and business leaders to translate cybersecurity and data protection risks into clear business impact, support informed decision-making, and strengthen governance and assurance across the enterprise. The Manager is accountable for maintaining risk assessments, supporting regulatory and audit requirements, overseeing control effectiveness related to data protection, and driving continuous improvement of cybersecurity risk practices across corporate and operational environments.
 
Rather than acting as a hands-on technical operator, this role functions as a manager of risk and process, providing oversight, coordination, and guidance to ensure cybersecurity risks-particularly those related to sensitive data, third parties, and manufacturing and distribution operations-are effectively managed and communicated.

Duties & Responsibilities

• Lead the cybersecurity risk management program for data protection by identifying, assessing, prioritizing, and documenting risks that could impact sensitive data, business operations, and regulatory obligations.
• Develop and maintain enterprise cybersecurity risk artifacts, including risk assessments, risk registers, and risk treatment plans, ensuring alignment with organizational risk tolerance and business objectives.
• Partner cross functionally with IT, Legal, Compliance, Internal Audit, and business stakeholders to ensure cybersecurity and data protection risks are understood, owned, and appropriately managed.
• Support governance, audit, and assurance activities by overseeing control documentation, evidence collection, and remediation tracking related to cybersecurity and data protection risks.
• Translate cybersecurity risk into business impact through clear, executive level reporting, dashboards, and presentations to enable informed decision making by leadership.
• Drive continuous improvement of cybersecurity risk practices, including alignment with industry frameworks (e.g., NIST CSF) and evolving regulatory, operational, and threat landscapes.
• Provide guidance and oversight to ensure consistent application of risk management processes across corporate, operational, and third party environments.

Knowledge, Skills, & Abilities

• Strong risk assessment and analytical skills, with the ability to identify, prioritize, and document cybersecurity and data protection risks.
• Demonstrated problem solving and critical thinking skills to evaluate complex risk scenarios and recommend practical, risk based solutions.
• Ability to translate technical cybersecurity risks into business impact, enabling informed decision making by leadership and stakeholders.
• Experience with strategy development and program execution, including defining objectives, tracking progress, and driving continuous improvement.
• Effective time management and organizational skills, with the ability to manage multiple priorities and deadlines concurrently.
• Strong written and verbal communication skills, including the ability to prepare executive level reporting and facilitate cross functional discussions.
• Proven ability to work cross functionally with IT, Legal, Compliance, Audit, and business teams to align on risk treatment and accountability.
• Experience supporting or leading governance, risk, and compliance (GRC) activities, including risk registers, control documentation, and audit support.
• Ability to influence without direct authority, drive consensus, and remove barriers to risk remediation.
• Familiarity with data protection, third party risk, and operational risk considerations in large or distributed enterprise environments.
• Experience in cybersecurity risk management, governance, or compliance within a medium to large enterprise environment.
• Demonstrated ability to assess, document, and communicate cybersecurity and data protection risks in business terms.
• Working knowledge of cybersecurity and risk management frameworks (e.g., NIST CSF, NIST RMF).
  
  

Minimum Qualifications

• Bachelor's degree (4 years)
• Knowledge acquired through 5 to up to 7 years of work experience

Preferred Qualifications

Bachelor's degree (B.S.) in Cybersecurity, Information Security, Information Technology, Computer Science, Information Systems, Risk Management, or a closely related field.
Experience supporting data protection, third party risk, or compliance initiatives in manufacturing, distribution, or operational environments.
Familiarity with regulatory, audit, and assurance activities (e.g., SOX, PCI, internal audit support).
Experience maintaining cybersecurity risk assessments, risk registers, control documentation, and executive level risk reporting.
One or more professional certifications preferred: CRISC, CISM, CISA, CISSP.

Work Environment

Office environment. 4 days in office, 1 day remote

 

#LI-AF1

Equal Opportunity Employer - All qualified applicants will be considered for employment without regard to disability, protected veteran status, or any other characteristic protected by applicable law.