Information Security Leader/Manager

MAKE HISTORY WITH US! At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future. With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions. IT at PMI PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer facing organisation. Such a shift creates an abundance of unique and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career. Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business. IT HUB Krakow With a team of over 300 and more than 20 nationalities, the IT HUB Krakow plays a critical role in creating a smoke-free future around the world. Become a part of a team of engineers, technicians, experts, solid IT freaks, researchers and innovators and create new IT work standards with us! Joining Information Security for Corporate Functions Running at the forefront of PMI's Digital Transformation, Information Security offers guidance, solutions and advisory all across PMI, supporting our secure journey towards a smoke-free future. Our scope ranges from security assessments and consultations, architecture, governance and risk advisory, through resilience, cyber threat intelligence and incident response, to supporting PMI Corporate Functions (e.g. Finance, People & Culture, Sustainability, Legal) and building an organizational security culture (via e.g. trainings and advisory). JOIN US! The purpose of the Information Security Manager/Leader role is to ensure that systems in PMI Corporate Platform are deployed and maintained in a secure manner (via e.g.: providing security advisory in process of system selection up to decommissioning) in compliance with PMI policies and security standards. Foster a more cyber risk aware culture in the IT organization. WHO ARE WE LOOKING FOR? • Expert in information security with at least 5 years of experience in information security, IT risk management or IT audit function within a large organization • Trusted advisor to IT management on information security aspects of company data processing (e.g.: access management, backup & resilience, IT controls, contractual and regulatory obligations, data at rest and in transit, encryption) • Advisor the IT organization and the wider business on adoption of a risk-based decision-making culture to accelerate our business transformation, while handling risk and meeting regulatory compliance requirements as a part of a governance, risk, and compliance (GRC) framework • You maintain and renew a knowledge and understanding of technical and compliance aspects of security (e.g.: common application security issues, identity and access management concepts, cloud computing architectures, regulatory requirements (e.g. SOX, GDPR, PCI) and their impact on systems) WHAT WE OFFER YOU? • Wide range of trainings, optional language classes, further education and professional qualification support possibility • Private medical and dental care, life insurance • Lunch card (Sodexo), Multisport & Cafeteria program • Hybrid model of work and flexible working arrangements • Employee pension plan • Free bike and car parking for all employees • Eligibility to participate in Copyrighted Work program (possibility to increase tax-deductible costs) HOW WILL YOU MAKE HISTORY WITH US? • Engage with business and IT platform peers throughout system lifecycle on "security-by-design" and "privacy-by-design" concepts, methods, and tools • Perform active governance on key security metrics for systems under responsibility • Raise security awareness across the team by providing coaching, trainings, promoting webinar attendance or similar activities that reduce the number of repeated application security weaknesses and technical vulnerabilities • Support projects (implementation or evolutions of IT applications) thought the process in all IT security related topics (supports RFPs and its outcomes, reviewing security related documentation and system configuration, identifying risk and point for attention) • Partner with Information Security (2LoD) to ensure that PMI follows best practices and latest market standards in application and system security by continuously optimizing tools, techniques and methodologies • Actively participate in cyber incidents impacting solutions under responsibility, from identification to eradication, working closely with central teams (e.g. SOC and IRM) • Represent IT during internal or external audits, incl. regulatory reviews, to make sure all the data and evidence presented is accurate and complete. Participate in the rating discussions. Ensure timely completion of remediation activities • Manage the full lifecycle of risk management at the system or platform level, from identification to closure Where we See This Role Going • As we progress on our business transformation journey, the Information Security Manager/Leader will help drive the adoption of PMI IT Security Standards to help protect our business and data • The role actively participates in securing the portfolio with opportunities to codesign approach and driving it together with colleagues • We see this role further growing with the function and the company, and are looking for an experienced profile with the clear willingness to help secure the application portfolio within the IT organization Please note that only on-line applications will be taken into consideration. Only selected candidates will be contacted. @LI-Hybrid