Position Title: Manager Tech Information Security (CA, Legal & Risk)
Krakow, MA, PL, 31-982
MAKE HISTORY WITH US!
At PMI, we’ve chosen to do something incredible. We’re transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.
With huge change comes huge opportunity. Wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions, while having the space to move your career forward in many different directions.
Tech at PMI
As PMI transforms into a science- and technology-driven organization, our technology teams play a key role in shaping the future of the business. Working across Cloud, AI, cybersecurity and digital platforms, we build solutions that support PMI markets worldwide.
Tech HUB Krakow
Tech Hub Krakow is PMI’s first and largest Tech Hub, bringing together more than 300 professionals from 28 nationalities. Combining global impact with a collaborative and innovative culture, the hub is at the forefront of PMI’s digital transformation and smoke-free future.
Joining Information Security for Corporate Functions
Running at the forefront of PMI’s AI and Digital Transformation, Information Security provides guidance, solutions and advisory across PMI, supporting our secure journey towards a smoke-free future.
Our scope ranges from security assessments and consultations, architecture, governance and risk advisory, resilience, cyber threat intelligence and incident response, to supporting PMI Corporate Functions in the Corporate Affairs, Legal, Risk, People&Culture areas and building an organizational security culture through training, advisory and awareness activities.
JOIN US!
Manager Tech Information Security – IT Corporate Platform (CA, Legal and Risk)
The Manager Tech Information Security (CA, Legal & Risk) acts as the trusted security partner for PMI’s Corporate Affairs, Legal and Risk platforms, ensuring technology solutions are secure, compliant and resilient. The role drives security- and privacy-by-design principles, enabling risk-informed decisions and strengthening cyber resilience across applications, data and technology services.
WHO ARE WE LOOKING FOR?
- Expert in information security, with at least 7 years of experience in information security, IT risk management, IT audit including SOX, cybersecurity governance or related disciplines within a large organization.
- Trusted advisor to IT management on information security aspects of company data processing, including access management, backup and resilience, IT controls, contractual and regulatory obligations, data protection, encryption and application security.
- Experience supporting enterprise applications, Corporate Management systems, SaaS platforms, cloud technologies and third-party integrations with a preference for Corporate Affairs, Legal and Risk Management.
- Ability to support the IT organization and the wider business in adopting a risk-based decision-making culture, while managing risk and meeting regulatory compliance requirements as part of a governance, risk and compliance framework.
- Strong knowledge of technical and compliance aspects of security, including information security frameworks such as NIST and ISO/IEC 27000, security architecture, application security, identity and access management, cloud computing architectures, SOX, GDPR and PCI requirements.
- Possession of security certifications such as CISSP, CISA, CISM or CRISC is highly preferred.
- Strong communication and influencing skills, with the ability to translate technical risks into clear business language and work effectively across business, technology, compliance and security teams.
WHAT WE OFFER YOU?
- Wide range of trainings, optional language classes, further education and professional qualification support possibilities.
- Private medical and dental care and life insurance.
- Lunch card, Multisport and Cafeteria program.
- Hybrid model of work and flexible working arrangements.
- Employee pension plan.
- Free bike and car parking for employees.
- In this position you will earn no less than 21 800 PLN gross monthly.
HOW WILL YOU MAKE HISTORY WITH US?
- Act as the first-line technology security partner for Tech CA, Legal and Risk Management platforms, ensuring security-by-design and privacy-by-design are embedded from solution selection, RFP and implementation through run, change and decommissioning.
- Translate PMI information security standards, policies and control expectations into practical actions for platform teams, product owners, vendors and delivery partners.
- Maintain active governance over security posture, key risk indicators, control evidence, vulnerabilities, remediation plans and recurring application security weaknesses.
- Support technology projects and platform evolutions by reviewing security documentation, architecture decisions, system configurations, access models, data protection requirements and risk acceptances.
- Partner with Information Security Second Line of Defense, SOC, IRM, audit teams and platform stakeholders to ensure risks are identified, assessed, documented and remediated in a timely and transparent way.
- Represent IT during internal audits, external audits and regulatory reviews, ensuring that evidence is accurate, complete and aligned with the actual control environment.
- Drive security awareness within Tech CA, Legal and Risk Management by coaching teams, promoting training, sharing lessons learned from incidents and reducing repeat vulnerabilities.
- Support cyber incident response for solutions in scope, from identification to containment, eradication and post-incident improvement actions.
- Contribute to continuous improvement of IT processes by embedding robust security measures and IT controls that protect the confidentiality, integrity and availability of data and business processes.
Where We See This Role Going
- As PMI progresses on its business transformation journey, the Manager Tech Information Security will help drive adoption of PMI IT Security Standards to protect business processes, technology assets and data.
- The role will actively participate in securing the CA, Legal and Risk Management application portfolio, with opportunities to co-design approaches and drive them together with colleagues across IT and Information Security.
- We see this role growing with the function and the company, and are looking for an experienced profile with the willingness to strengthen secure-by-design delivery across the IT organization.
Relocation support is not available for this job
At PMI we run the business in line with ethical principles and encourage SpeakUp culture. We care for equal chances and fair treatment. If you find anything that violates these principles in this job offer or the recruitment process, you may contact our Ethics and Compliance Team at PMIEthicsandCompliance@pmi.com. Read more about Ethics&Compliance at PMI – here.