Manager InfoSec Operations Plants

At PMI, we’ve chosen to do something incredible. We’re totally redefining our business and building our future on smoke-free products with the power to deliver a smoke-free future. With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions. YOUR DAY TO DAY • Lead stakeholder management and reporting (e.g., via dashboards, slide decks, awareness webpages), including with Directors Manufacturing of the plants in the assigned region(s), to get buy-in about the InfoSec Cyber Risk Program, show cybersecurity progress over the years, provide a status update on cyber-risks, and facilitate people/resource mobilization for what concerns local risk-reduction plans' implementation. • Provide continuous guidance and advisory, including in the form of training and awareness and by means of meetings, workshops, and other events (organized or attended), to local stakeholders at the plants in the assigned region(s), to facilitate adherence to all PMI policies, guidelines, baselines and standards on security and compliance. • Coordinate project assurance of selected Operations initiatives (such as projects, PoV, MVP) at the local level in the assigned region(s), and perform risk management, in strict alignment and collaboration with other teams in IT and beyond, with the biggest purpose to enable a secure Operations digital transformation. • Co-lead, in strict alignment with other InfoSec colleagues, the implementation at plants in the assigned region(s) of the yearly InfoSec Cyber Risk Program dedicated to Operations, which is aligned with the Operations strategic programs and the internal Cyber Threat Assessment process, in order to increase Operations cybersecurity maturity and enable a secure digitalization strategy. • Co-lead, in strict alignment with other InfoSec colleagues, the implementation at plants in the assigned region(s) of the global initiatives part of the yearly InfoSec Cyber Risk Program. • Lead periodic security assessment of Operations plants, processes, and technology systems within the assigned region(s), including for plants that become part of the scope as per M&A initiatives, in order to identify security gaps, perform risk management, and define risk-reduction actions to be implemented by teams within and beyond IT. • Perform periodic monitoring of the security status of the technologies (IT and OT) in the shop floor at plants in the assigned region(s), for what concerns e.g. network segregation/segmentation, vulnerability and patch management, Operating System obsolescence management, Anti-Virus status, access control, disaster recovery, and applicable security controls implementation. Perform local portfolio management and risk management (e.g., risk acceptance or reduction), including by triggering tactical quick wins with proper stakeholders within and beyond IT. • Assist the Cyber Defense team in managing cybersecurity incidents at plants in the assigned region(s), providing OT-related knowledge, liaising with local stakeholders, and leading the definition and implementation coordination of subsequent risk-reduction plans. WHO WE’RE LOOKING FOR: • University Master's Degree (Computer Sciences, Information Systems, Engineering, Business Administration or equivalent). • 7+ years in IT teams at international companies, performing activities relevant to information security, such as e.g. risk management, security demand management, security audit, security governance, application security, system controls, disaster recovery, and business continuity • 5+ years of experience as people manager of direct or indirect reports, including suppliers • 3+ years in OT teams at international companies, performing activities relevant to information security, such as e.g. factory network segregation/segmentation, OT network monitoring and visibility management, ICS patch management, disaster recovery • Experience with securing ICS technologies, e.g. Programmable Logic Controllers (PLCs), Human-Machine Interface (HMI), Distributed Control Systems (DCS), Supervisory Control and Data Acquisition (SCADA), and Building Management Systems • Experience implementing information security programs for Operations' functions, e.g. Manufacturing, Supply Chain, Prototyping and Industrialization areas • Experience with project management, preferably related to information security areas • Knowledge of cybersecurity standards, such as ISA/IEC 62443, NIST 800-82 • Knowledge of Industrial Internet of Things (IIoT) platforms and cloud computing architectures (e.g. IaaS, PaaS, SaaS) • Excellent skills in stakeholder management, collaboration, written and oral presentation in English, abstract thinking, problem-solving, and decision-making • Quick learner with a pragmatic, analytical, and autonomous mindset • Professional certifications in IT and OT Security, e.g. (ISC)2 CISSP, (ISC)2 ISSMP, ISO 27001, ISACA CRISC, ISACA CISA, ISACA CISM, SANS GIAC GICSP, SANS GIAC GRID, ISA/IEC 62443 Cybersecurity Certificate Program • Professional certifications in Project Management: PMP or PRINCE2 • Understanding of Agile/DevOps organizations and cultures. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment.