London, United Kingdom


Information Technology



Job ID


Be a part of a progressive change! At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on one clear purpose – to deliver a smoke-free future. With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions. PMI’s journey to a smoke-free future is fuelled by technology. The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions. To join us in IT you’ll need to be driven and equally happy whether you’re taking the strategic view or diving deep into processes. We'll make sure you're set up to succeed whatever your project is, our culture is agile and collaborative, and we genuinely believe our people are some of the best you’ll ever work with. Rise to challenge We are seeking an IT SECURITY OPERATIONS MANAGER to join our IT Product Lifecycle Management team, located in one of our delivery centers, London As IT SECURITY OPERATIONS MANAGER, you will provide security advisory to support existing systems and new projects for product development of our new reduced risk portfolio at PMI. You will work in close collaboration with the PLM application management and general Information Security Operations team, ensuring that "security-by-design" and "privacy-by-design" requirements are included in the design, implementation, maintenance and decommission phase of existing and new systems. You will be responsible for: • Perform threat modelling on technology systems and establish processes to identify, analyze, and remediate vulnerabilities during application development (e.g., via SAST/DAST – Static/Dynamic Application Security Testing – and VAPT – Vulnerability Assessment/Penetration Testing). • Document technical procedures and guidelines to implement security requirements for the assigned functional domain, including about software development security processes. • Define risk mitigation actions for identified system security gaps and remediate in a timely manner. • Support the Information Security cyber risk metrics and reporting program, and communicate effectively risks, issues and activities to key stakeholders, including Senior Management. • Perform or take accountability for general IT control activities in scope of the solutions including evaluating 3rd party cyber maturity and performing ongoing vendor risk governance. • Drive cybersecurity resilience activities in assigned functional domain (e.g., back-up & restore, DR). • Represent IT during internal or external audits. • Support incident/ event monitoring and respond and perform post-incident root cause analysis and dissemination of lessons learnt. • Work closely with other IT teams on the remediation activities and patch management to ensure identified vulnerabilities are addressed in a timely manner. We are looking to recruit a candidate with • Minimum 7-10 years of experience in an information security, IT risk management or IT audit function within a large organization. • Proven track record in support and development teams throughout all phases of secure systems development life cycle (design, development, maintenance). • Experience with PLM or Manufacturing / Supply Chain systems. • Good knowledge of typical application design patterns (e.g., web, mobile, thick client, APIs, etc.) • Good understanding of cloud computing architectures (e.g., SaaS, IaaS, PaaS) and their corresponding characteristics in terms of information security. • Knowledge of basic identity and access management concepts (e.g., single sign on, identity federation) and standards (e.g., SAML, OAuth 2.0, OpenID). • Familiarity with most common web application security issues (e.g., OWASP top 10). • Understanding of regulatory requirements (e.g., SoX, GxP, GDPR) and their impact on systems. • Practical experience in Agile / DevSecOps organizations and cultures. • Ability to communicate technical subjects to both IT and business–centric audiences to build champions and deliver results. • Team player with ability to build pro-active, co-operative working relationships with peers and key stakeholder, across cultures and geographies. Your qualification, Education and skills will include: • Critical Requirements: o Bachelor or Masters’ degree in a relevant field o Confirmed (7-10+ years) experience in IT for large companies o Cloud certifications (e.g., AWS Cloud Certified Professional) o Cloud security certifications (e.g., AWS, Azure) • Preferred Requirements: o Software development certifications o Information security or risk management qualifications (e.g., CISSP, CISA, CISM) o API Developer certifications (e.g., MuleSoft) • Industry specific Skills: o Understanding of Manufacturing / Supply Chain processes, o Experience in IT departments in a consumer product manufacturing industry. o Experience in an FMCG, Pharmaceutical or Electronics manufacturing environment. o Good understanding of modern technologies such as IoT, Machine learning, automation. What we offer: Our success depends on our hardworking employees who come to work here every single day with a sense of purpose and an appetite for progress. Join PMI and you too can: • Seize the freedom to define your future and ours. We’ll empower you to take risks, experiment and explore. • Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong. • Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress. • Take pride in delivering our promise to society: to deliver a smoke-free future. To join our growing team…