London, United Kingdom


Information Technology



Job ID


Be a part of a revolutionary change

At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke-free products with the power to improve the lives of a billion smokers worldwide.

With huge change comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

PMI’s journey to a smoke-free future is fueled by technology. The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.

Join us in this role and you’ll be part of our IT Information Security international team in the beautiful city of London, Great Britain.

The mission:

The primary mission of the Vulnerability Management team is to enable proactive defense of PMI IT assets. The VM team helps find vulnerabilities in technology and enables security and IT teams to take proactive measures before attacks occur. The VM team is part of PMI’s global Cyber Defense team and leads the VM program for all IT platforms, including Enterprise IT, Operations Technology, Consumer Websites, and Electronic Products. This is not an operational team in charge of patching, but rather a team working with IT and Business counterparts to help them understand their vulnerability footprint and influence them to implement mitigations in a timely manner.

Your day to day:

• Work with other PMI Digital Security SMEs to build a view of all assets to be included within the scope of Digital Threat & Vulnerability Management
• Develop a process to identify brand & technology as relevant to the Digital business & landscape
• Incorporate Threat metrics into the vulnerability management lifecycle to better understand the criticality and priority of vulnerability remediation
• Manage the vulnerability management program, scanning functions, code review and firewall review, ensuring regular scanning and review of assets and applications to identify network, infrastructure and configuration vulnerabilities
• Engage with Security Product Leads and Leadership within to continuously enhance and communicate the importance of vulnerability remediation from a technical perspective
• Using the existing toolset, ensure that all vulnerabilities are tracked and have an appropriate system owner
• Ensure new/all vulnerabilities are communicated in a standard, efficient and timely manner
• Build and operate a process to contain or remediate zero-day vulnerabilities in order to protect the Digital infrastructure
• Develop an emergency & critical response plan to engage appropriate leadership in the event of an emergency or critical remediation activity to expedite fix or containment
• Build a dashboard that is accessible by various technical & non-technical stakeholders and that is continuously updated with the running status of vulnerabilities with the Digital infrastructures
• Using the existing toolset, design and deploy the relevant vulnerability management infrastructure to support internal, external, XaaS and partner vulnerability scanning capabilities
• Support new projects, programs or initiatives with vulnerability scanning of new or existing assets as required
• Review and risk assess the criticality and priority of all vulnerability scans (along with existing toolset for prioritization)

Who we are looking for:

• Minimum of 5 years working on large scale threat & vulnerability management
• Working knowledge of Tenable or similar technologies/tools
• Good understanding of Vulnerability Risk management practices
• Good knowledge & experience in implementing Cyber Risk Governance models & frameworks for large organizations
• Good knowledge & experience with XaaS solutions such as AWS, Salesforce, Adobe, etc.
• Good knowledge of working with vulnerability management tools such as Qualys, Nessus, Kenna, Fortify, etc.
• Good technical knowledge of Linux (RHEL, Debian, OpenSUSE, Ubuntu), Windows Server/Desktop, OSX, etc.
• Good knowledge of development languages (Java, Python, JavaScript, NodeJS, Ruby) a plus
• Technical knowledge & experience of IT architecture and infrastructure
• Good understanding of information security standards
• Broad knowledge of good security practice ensuring all aspects of Confidentiality, Integrity and Availability are adhered to
• Excellence at stakeholder engagement and building strong partnerships across the technology & business teams
• Knowledge of security best practices and frameworks (ISO 27001, NIST, COBIT, ISF, ITIL, SABSA, OWASP)
• Open for travel occasionally

What we offer

Our success depends on the people who come to work every single day with a sense of purpose and an appetite for progress. Join PMI and you too can:

• Seize the freedom to define your future and ours – we’ll empower you to do things differently, experiment and explore
• Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong
• Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress
• Take pride in delivering our promise to society: to improve the lives of a billion smokers