Tokyo, Japan





Job ID


1. Purpose of the Job With PMI’s journey towards a smoke-free future and a consumer-centric organization, the company faces new opportunities and risks. To safeguard the company’s business objectives, ensure its delivery against strategic opportunities, and protect the company against emerging uncertainties, a highly professional and industry-leading risk management and internal controls practice is required. The Risk & Controls (R&C) function within PMI defines, leads, monitors the risk management and internal controls practices, and drives the various activities surrounding it. The Manager Risk & Controls is responsible for: 1. the operational execution of the ongoing risk management and internal control activities (i.e., primarily advisory / review activities and risk assessment activities) to support the affiliate Consumer and specifically within the company’s Business-to-Consumer (B2C) domain by self-executing such activities; 2. establishing with the business teams, their processes for key business and technology initiatives, identifying and prioritizing risks, defining the design and implementation of an effective internal control framework (incl. clear accountabilities of controls owners); 3. following up on any relevant identified elevated and/or evolving risks across the Consumer function or B2C domain in general (e.g. control deficiencies, new -external- risks etc.) 4. seeking and implementing opportunities to increase the added business value perceived by senior stakeholders (both within, but moreover, outside of R&C) from the overall R&C activities deployed across the ‘Consumer’ function or the company’s B2C domain in general. 2. Principal Accountabilities The Manager Risk & Controls is responsible to achieve the R&C function’s ‘regular’ risk management / internal controls objectives within his/her key areas of accountability. These are: Accountability 1: Self-execute and drive to identify, assess, monitor and recommend mitigating responses to key risks within in the functional domain Consumer and the company’s B2C domain in general. The primary risks areas include, amongst others, financial reporting risks (SOX), operational risks, compliance risks, business continuity risks, third party risks, information security risks and data privacy risks. Accountability 2: Manage stakeholders across the company by preparing and communicating easy-to-understand yet impactful risk management and internal controls related insights. These insights cover both the functional domain as supported by the Manager Risk & Controls, but also on the overall risk culture across the company as a result of the deployed transformational activities. In addition to these main accountabilities the Manager Risk & Controls possess relevant knowledge and experience in governance, risk management, internal controls, and general assurance provisioning activities, is supporting the Risk & Controls functions to increase the business added value of risk management and internal control activities and is a contributor in achieving continuous improvement within the risk function. The Manager Risk & Controls communicates key issues to stakeholders, engages productively with stakeholders up to management levels (affiliate’s management team) within the organization and has the courage to ‘step up’ and provide full and frank information and challenge assumptions while avoiding surprises. The Manager Risk & Controls is providing through high quality deliverables to the Risk & Controls function with all necessary functional insights (i.e. Consumer / B2C) to drive the value add of risk management activities to the business rather than solely delivering ‘compliance style’ review activities (i.e. in a policing capacity). The position demands flexibility given that emerging / evolving risks are identified both through structured planning and ad-hoc due to company internal or external factors. Given the consultative nature of the activities, the Manager Risk & Controls is expected to deliver at all times high quality deliverables, prepared in regular Microsoft Office tools suite (e.g. PowerPoint, Word, etc.). Deliverables need to be prepared in a structured way by applying professional judgement, global and business acumen. The Manager Risk & Controls should ensure that such deliverables are of business relevance, added value having the interests in mind of the individual business stakeholders, the Management, and the Risk & Controls team at the affiliate. 3. Skills and Competencies Education • University degree (MSc) level education (e.g. Economics, Informatics, etc.) • Optional ‘post university’ professional certification / education – examples: Certified Public Accountant (CPA), Executive Master Internal/Operational Auditor (EMIA), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Governance Risk Compliance Professional (GRCP) Certification, etc. Work Experience • Minimum 8-10 years of experience in (Enterprise) Risk Management, Internal Controls, GRC, Audit, Accounting, Finance, or a combination of the six. • Relevant experience in: o ‘Big Four’ and/or other public accounting / audit / consulting o Fast Moving Consumer Goods (FMGC) and Business-to-Consumer (B2C) o Optional: multi-year international / global assignments Other skills The Manager Risk & Controls possesses fluent written and verbal English business professional language skills (Japanese is a plus) and can present with impact, clarity by leveraging from materials prepared within the default suite of office tools (Microsoft Office Suite, including PowerPoint, Teams, SharePoint, Word, Excel, etc.). Optional: experience with GRC (Governance, Risk & Compliance) technology solutions (e.g. IBM OpenPages).