Position Title: InfoSec Engineer Assessments
Krakow, MA, PL, 31-982
MAKE HISTORY WITH US!
At PMI, we’ve chosen to do something incredible.
We’re totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.
With huge change comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions.
IT at PMI
PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer facing organisation.
Such a shift creates an abundance of unique and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career.
Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business.
Joining Information Security
Running at the forefront of PMI's Digital Transformation, Information Security offers guidance, solutions and advisory all across PMI, supporting our secure journey towards a smoke-free future.
Our scope ranges from security assessments, architecture, governance and risk advisory, through resilience, cyber threat intelligence and incident response, to supporting PMI Functions, Markets, and Platforms (e.g. Finance, People & Culture, Operations, Consumer or Product) and building an organizational security culture.
JOIN US!
WHO ARE WE LOOKING FOR?
· Proven experience, preferably in a large organization or consulting company, in at least one of the following areas:
- IT assurance: IT security, IT risk management, IT audit, IT controls
- offensive security: ethical hacking, penetration testing, vulnerability assessment, red teaming
- IT engineering: system administrator, IT architecture
· Professional certifications in at least one of the following domains:
- IT systems security and auditing (e.g., CISA, CISSP, CRISC, CISM)
- cloud technologies (e.g., AWS, Azure, Salesforce)
· Proven track record in performing IT security assessments or IT audits for large scale solutions
· Good knowledge of typical application design patterns and their attack vectors (e.g., web, mobile, thick client, etc.)
· Strong understanding of modern application architectures including microservices, containers, APIs, serverless technologies and cloud environments
· It is an advantage if you have worked closely with IT engineers or have worked in engineering yourself, e.g., as a system administrator, IT engineer, or IT architect
· Knowledge of basic identity and access management concepts (e.g., single sign-on, identity federation) and standards (e.g., SAML, OAuth 2.0, OpenID)
· Sound knowledge of the impact of, and remediation techniques for, vulnerabilities both within and outside the OWASP Top 10
· Considerable technical writing proficiency and oral presentation skills
HOW WILL YOU MAKE HISTORY WITH US?
· Identify cybersecurity gaps in PMI applications and systems using a wide variety of methods, e.g., threat modeling, architecture reviews, access model reviews, configuration reviews, static and dynamic application security testing
· Evaluate the security posture of third-party solutions using TPCRM methodologies with a cybersecurity focus
· Analyze the scope, methodology and results of cybersecurity activities (e.g., ethical hacking) performed by third parties around the presence of vulnerabilities in systems used or to be used by PMI
· Follow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over security testing deliverables provided by vendors
· Describe and demonstrate identified issues in various forms (e.g. reports, technical debt definitions) and ensure that relevant stakeholders understand the risk that those vulnerabilities pose to the Company
· Advise IT teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way
· Partner with other Information Security leaders to ensure that PMI follows best practices in the application security testing domain by continuously optimizing tools, techniques and methodologies
· Keep up to date with the constantly evolving cyber threat landscape and the latest developments in IT risk management and contribute to PMI’s security standards
WHAT WE OFFER
Our success depends on the men and women who come to work every single day with a sense of purpose and an appetite for progress. Join PMI and you too can:
· Seize the freedom to define your future and ours – we’ll empower you to take risks, experiment and explore
· Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong
· Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress
· Take pride in delivering our promise to society: to improve the lives of a billion smokers