IT Security Expert

Be a part of a revolutionary change - find your future in our future At PMI, we’ve chosen to do something incredible. We’re transforming our business and building our future with one clear purpose – to deliver a smoke-free future. We're disrupting our company from the inside out. Our transformation is redefining every area of our business. From where and how we make and sell our products—to how we engage our consumers and society. To support this vision, PMI is evolving into a science and technology-based, consumer-facing, multi-category company—and Information Technology (IT) is a vital partner in helping to lead the way. As we accelerate PMI's vision, we get to dream big too. With unique and transformative IT projects matching all levels of skill and ambition, we've taken on the spirit of a start-up, with the freedom to craft and define our digital future, but with the support and scope of a vast global business. Purpose The IT Security Expert’s (ISE) mission is to provide an effective Cyber and Information Security capability to proactively protect the confidentiality, integrity and availability of PMI data, intellectual property and Information & Technology assets in the market. ISE works close collaboration with IT team, Information Security assurance function, affiliate Information security officers and the head of Information Security Regions (ISR) to bring awareness and compliance of PMI best practices for system security through continuous communication, optimization of tools, techniques and methodologies. In this role you will be responsible for managing the information security and risk practices, guiding the development, and execution of information security programs and strategies in the market, and acting as the security subject matter expert for the IT team in Americas markets. YOUR DAY TO DAY • Maintain strong stakeholder relationships, evangelize security within regional IT department, and Partner with Information Security and other assurance functions to ensure that PMI follows best practices and standards in application and system security by continuously optimizing tools, techniques, and methodologies. • Partner with market Information Security Officers and the Global Information Security team, to define and implement a regional security engagement strategy, support delivering global security program to the region. • Identify and understand the threats, security posture and business processes in the market to effectively engage the IT team in the global security Program roll out. Work with local IT team and help implement processes that is consistent across markets to improve the security of the applications and product deployments that comply with IT policy framework and PMI Principle & Practices. • Partner with Information Security and other assurance functions to ensure that market follows best practices and latest standards and advise market and regional IT team on how to remediate identified cybersecurity issues, in the most effective and cost-efficient way that is in line with IT policy framework. • Engage with regional and market IT peers such as product owners and service manager, throughout system and project lifecycle to implement "security-by-design" and "privacy-by-design" concepts, using PMI IT policy framework as the baseline. • Collaborate with market Information security officer and provide required support to conduct annual cyber risk and maturity assessments in the region and markets. Provide regular reporting of key security metrics and performance at market level IT management and regional IT director. • Raise awareness across the IT organization by providing coaching, training, promoting IT policy framework, security best practices and risk mitigation techniques to reduce the number of repeated application security weaknesses and technical vulnerabilities within the market. • Provide required support for regional execution of cyber-attack simulations, table-top exercises, Information Security Incident Response and Cyber Crisis Management across Americas markets. Participate and support internal or external IT audits, and other security reviews. Continuously follow-up the management action plan derived from these reviews with IT team and ensure timely completion of remediation activities by the respective team. WHO WE’RE LOOKING FOR • Minimum of 5+ years in IT Security and/or related technology experience and track record in IT Security, IT Risk management or IT audit function within large international organizations. • Experience guiding and assisting organizations in implementing appropriate IT Security practices and mitigating risk with sustainable controls. • Proven track record in supporting development teams throughout all phases of systems development life cycle (design, development, maintenance) • Good knowledge of typical application design patterns (e.g., web, mobile, thick client, etc.) • Good understanding of cloud computing architectures (e.g., SaaS, IaaS, PaaS etc) and security. • Knowledge of identity and access management concepts (e.g., single sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID) • Familiarity with most common web application security issues (e.g. OWASP top 10) • Knowledge and experience in governance frameworks and regulatory requirements such as NIST, ISO 27001, SOX, PCI DSS, GDPR, ITIL etc • Any security certificate is a plus. (e.g.: -CISSP,CISA etc) • High degree of initiative, dependability and ability to work with little supervision • Strong influencing and negotiation skills and diplomacy • Team player with ability to build pro-active, co-operative working relationships with customers, peers and key stakeholders based on respect and teamwork WHY SHOULD YOU JOIN US? At PMI IT, we believe success to be fuelled by our employees, depended on them coming to work every single day with a sense of purpose and an appetite for challenge. We are a people first organisation committed to empowering you to take risks, grow and explore. Here’s what sets us apart: • We’re redefining the big picture of well-being and personal development. We seek the best professionals but recognize them as parents, caregivers, family, and community members. We look after each other and care for our people, so wherever you join us around the world, we’re committed to providing the type of benefits only a company like PMI can offer • Being the fastest learning IT organization in the world is core to our culture, so we invest significantly in developing our people. From mentoring to technical certifications, stretch roles, soft skills development, and executive education, we help our people develop the skills they need to do their best work and create their own unique impact. • At PMI IT, we believe diversity and inclusiveness are essential to every industry. We’re proud that our culture is built upon strong corporate values, a foundation of respect and belonging, and a commitment to diversity and inclusion that welcomes a variety of skill sets, backgrounds, and experiences. • We see digital technology as disruptive, and possibilities as endless. Our teams work with innovative technologies such as Cloud, APIs, IoT and AI, supported by management practices and principles such as Agile, Design Thinking, and Product Management. Every single IT member is part of our Transformation journey. Join us and pursue your ambitions – our staggering size and scale provides endless opportunities to progress. If our culture and mindset resonate with you, we look forward to receiving your application and getting to know you. Together, let’s deliver a smoke free future.