Krakow, Poland


Information Technology



Job ID


MAKE HISTORY WITH US! At PMI, we’ve chosen to do something incredible. We’re totally transforming our business, and building our future on smoke-free products with the power to improve the lives of a billion smokers worldwide. With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions. JOIN US! WHO ARE WE LOOKING FOR? •Minimum 10 years of experience in application security and/or IT risk management, preferably within a large organization •Minimum 3 years of experience in managing large-sized (20-30 people) teams of information security specialists •Proven track record in supporting development teams throughout all phases of systems development life cycle (design, threat modeling, development, maintenance) •Experience in managing partners including business owners, product teams, and contractors/vendors •Good understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics of InfoSec •Practical knowledge of modern application architectures including microservices, containers, APIs, and serverless technologies •Considerable technical writing proficiency and oral presentation skills •Good understanding of the industry and regulatory requirements (e.g. SOX, GDPR, PCI) •Knowledge of common web/mobile development technologies (e.g. ASP.NET, C#, Java, JavaScript, Ruby, Python) •Practical experience in Agile/DevOps organizations and cultures HOW CAN YOU MAKE HISTORY WITH US? •Lead a team of application security specialists that support IT platforms •Ensure that the team is staffed with the required talent and operates in line with Information Security processes and requirements •Review work and deliverables of the team to guarantee that they meet the level of quality •Continuously evolve the team by crafting learning paths and development programs for team members. •Ensure team members maintain their information security knowledge by continuous self-learning and participating in training or conferences •Apply management practices to balance between individual needs and budget available •Act as a trusted partner for IT platforms teams on application and systems security topics •Provide expert recommendations on how to embed cybersecurity into the systems development life cycle process, e.g. by facilitating the execution of threat modeling activities and encouraging the adoption of DevSecOps principles •Ensure that third-party risks are handled appropriately and that systems are designed and implemented in accordance with internal and external InfoSec requirements •Act as an issue point for critical information security risks related to projects or products that require immediate remediation •Manage peaks in the demand for application security advisory services and manage the onboarding of external/contracted application security specialists when the team capacity is exceeded •Establish metrics to measure the efficiency of the overall application security program, e.g. by reporting on the number of initiatives supported, average time and effort spent, common findings and pitfalls identified during the fieldwork, etc. •Periodically report to other Information Security leaders about the status of the program and progress of any improvement initiative •Partner with other Information Security leaders to ensure that PMI follows best practices and market standards in the application security domain by continuously optimizing tools, techniques, and methodologies •Keep up to date with the constantly evolving cyber threat landscape and the latest developments in application security •Drive security awareness programs for IT platforms/platform enabling teams by organizing lectures, webinars, or training on secure software development, secure coding, and other information security topics Please note that only online applications will be taken into consideration. Only selected candidates will be contacted.