Kraków, Poland


Information Technology



MAKE HISTORY WITH US!

At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future. With huge change comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions.

IT at PMI

PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer-facing organisation. Such a shift creates an abundance of outstanding and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up, with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with groundbreaking technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career. Digital at PMI is dynamic and diverse. Join us and become a part of a top talent team where you can bring new insights to life in a global function that is a key driver of the success of our business.

IT HUB Krakow

With a team of over 300 and more than 20 nationalities, the IT HUB Krakow plays a critical role in creating a smoke-free future around the world. Become a part of a team of engineers, technicians, experts, IT freaks, researchers and innovators and create new IT work standards with us!

Joining Information Security

Running at the forefront of PMI's Digital Transformation, Information Security offers guidance, solutions and advisory all across PMI, supporting our secure journey towards a smoke-free future. Our scope ranges from security assessments, architecture, governance and risk advisory, through resilience, cyber threat intelligence and incident response, to supporting PMI Functions, Markets, and Platforms (e.g. Finance, People & Culture, Operations, Consumer or Product) and building an organizational security culture. JOIN US!

WHO ARE WE LOOKING FOR?

• Proven experience, preferably in a large organization or consulting companies, in at least one of the areas:
  o IT assurance: IT security, IT risk management, IT audit, IT controls
  o offensive security: ethical hacking, penetration testing, vulnerability assessment, red teaming
  o secure software development: S-SDLC, DevSecOps
• Professional certifications in at least two of the following domains:
  o IT systems security and auditing (e.g. CISA, CISSP, CRISC, CISM)
  o cloud technologies (e.g. AWS, Azure, Salesforce)
  o ethical hacking (e.g. OSCP, GIAC Penetration Tester, CEH)
• Proven track record in performing IT security assessments or IT audits for large-scale solutions
• Good knowledge of typical application design patterns and their attack vectors (e.g. web, mobile, thick client, etc.)
• Strong understanding of modern application architectures including microservices, containers, APIs, serverless technologies and cloud environments
• Knowledge of basic identity and access management concepts (e.g. single sign-on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)
• Sound knowledge of impact and remediation techniques for vulnerabilities both within and outside the OWASP Top 10
• Considerable technical writing proficiency and oral presentation skills

WHAT WE OFFER YOU

• Wide range of trainings, optional language classes, and support for further education and professional qualifications
• Private medical and dental care, life insurance
• Lunch card (Sodexo), Multisport & Cafeteria program
• Hybrid model of work and flexible working arrangements
• Employee pension plan
• Free bike and car parking for all employees

HOW CAN YOU MAKE HISTORY WITH US?

• Identify cybersecurity gaps in PMI applications and systems using a wide variety of methods, e.g. threat modeling, architecture reviews, access model reviews, configuration reviews, static and dynamic application security testing
• Evaluate the security posture of third-party solutions using TPCRM methodologies with a cybersecurity focus
• Analyze the scope, methodology and results of cybersecurity activities (e.g. ethical hacking) performed by third parties around the presence of vulnerabilities in systems used or to be used by PMI
• Follow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over security testing deliverables provided by vendors
• Describe and demonstrate identified issues in various forms (e.g. reports, technical debt definitions) and ensure that relevant collaborators understand the risk that those vulnerabilities pose to the Company
• Advise IT teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way
• Partner with other Information Security leaders to ensure that PMI follows standard processes in the application security testing domain by continuously optimizing tools, techniques and methodologies
• Keep up to date with the constantly evolving cyber threat landscape and the latest developments in IT risk management and contribute to PMI’s security standards

Please note that only on-line applications will be taken into consideration. Only selected candidates will be contacted.