Istanbul, Turkey


Information Technology



Job ID


At PMI, we’ve chosen to do something incredible! We’re totally transforming our business and building our future on one clear purpose – to deliver a smoke-free future. PMI’s journey is fueled by technology and the total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions. We are looking for an innovative, out-of-the-box IT Security Expert who will be responsible for providing an effective Cyber and Information Security capability to proactively protect the confidentiality, integrity and availability of PMI data, intellectual property, and Information & Technology assets in the markets of competence. YOUR challenge will be: • Be the face of Information Security in the region. Maintain strong stakeholder relationships, evangelize security, and find opportunities for security to add value within the region. Deliver the Global Security program to the region. Support local entities including specific initiatives with ISE relevance. • Partner with other ISOs and the Global Information Security team, to define and implement a regional security engagement strategy. • Understand the threats, security posture and business processes of markets and to effectively engage them in the Security Program. Actively govern Cyber and Information Security risks in the MEA markets in a manner that meets compliance, regulatory requirements, and PMI’s risk appetite. • Communicate and support adherence of PMI’s IT policies and standards within the region. Work with global teams to ensure IT policies, standards, and control frameworks consider regional nuances responding to local laws, regulations, and other local requirements. • Advise and support market business and enable teams to implement practices that meet defined policies and standards for information security. Work with project management offices and relevant teams to ensure embedding security-by-design into local and/or regional projects involving PMI systems and/or data (Build Secure). • Conduct risk and maturity assessments from a cybersecurity risk perspective, evaluate compliance of IT services with relevant security and regulatory requirements (Stay Secure). • Strengthen ownership and awareness of Information and Cyber Security through continuous trainings and awareness campaigns across the MEA markets. • Support regional execution of cyber-attack simulations and table-top exercises, coordinate Information Security Incident Response and Cyber Crisis Management across the MEA markets. Operate regional security governance structure and report to global security committees and market and regional management teams. WHO we’re looking for: • University Degree (Computer, MIS, Math preferable). • 5+ years’ experience in similar roles • Cyber Security or Risk & control experiences are a plus. • English, Business Modeling, and advanced analytical skills. • Experience in IT Security and/or related technology experience and track record in IT Security, IT Risk management or IT audit function within large international organizations is a plus. • Experience guiding and assisting organizations in implementing appropriate IT Security practices and mitigating risk with sustainable control • Proven track record in supporting development teams throughout all phases of systems development life cycle (design, development, maintenance) • Good knowledge of typical application design patterns (e.g. web, mobile, thick client, etc.), cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) , identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID) • Familiarity with most common web application security issues (e.g. OWASP top 10) is a plus. • Good understanding of regulatory requirements (e.g. SOX, GDPR, PCI) and their impact on systems • Knowledge of security integration with CI/CD Pipeline is a plus. • Knowledge of ITIL framework and processes is a plus. • High degree of initiative, dependability, and ability to work with little supervision • Strong communication skills and ability to communicate technical subjects to both IT and business–centric audiences to build champions and deliver results • Team player with ability to build pro-active, co-operative working relationships with customers, peers and key stakeholders based on respect and teamwork • Must have at least a bachelor's degree, (preferably in computer related area) • Having Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials is a big plus • Flexible approach to travel (15-20%) once things settle down Our success depends on our dedicated employees who come to work here every single day with a sense of purpose and an appetite for progress. Join PMI and you too can: • Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong. • Pursue your ambitions and develop your skills with a global business – our staggering size and scale provide endless opportunities to progress. • Take pride in delivering our promise to society: to deliver a smoke-free future. • PMI is an Equal Opportunity Employer