Position Title:  Senior IT Analyst (1LoD) - Life Sciences

Date:  Jul 18, 2025
Requisition ID:  13974
Work Location:  Krakow, MA, PL, 31-982

MAKE HISTORY WITH US!

 

At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on one clear purpose – to deliver a smoke-free future.

With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science- and technology-based, consumer-facing organisation.

Such a shift creates an abundance of unique and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career.

 

Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business.

 

WHO ARE WE LOOKING FOR

 

We want you to be successful in this role. The list below outlines the essential (and some preferred) qualifications and skills that our ideal IT Analyst (First Line of Defense) possesses: 

  • Education: Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related field. A relevant master’s degree or professional certifications such as CISSP, CISM, or CRISC are a plus (they show deeper expertise, but are not mandatory).
  • Experience: Proven experience in IT risk, security, or analysis. We’re looking for someone with approximately 3-5 years of experience in roles such as IT Security Analyst, IT Risk Analyst, Systems Analyst (with security focus), or similar. Experience in a large enterprise environment is preferred, especially if you’ve worked on or with project teams introducing new systems. If you’ve been involved in security design reviews or risk assessments as part of project development, that’s exactly the kind of background we value.
  • Technical Knowledge: Solid understanding of IT architecture and information security principles. You should be comfortable reading and interpreting architecture diagrams and flowcharts of system designs. Knowledge of network security, application security, and cloud security fundamentals will be very useful when evaluating designs. Familiarity with compliance frameworks and regulations (for example, knowing why GxP, GDPR or PCI-DSS might affect a system’s design) is highly advantageous. Basically, you don’t have to be an engineer or architect, but you need to speak their language and have a security-oriented mindset. 
  • Analytical & Critical Thinking: Excellent analytical skills with a keen eye for detail. You’ll be poring over technical documents, proposals, and diagrams – the ability to spot inconsistencies or weaknesses is key. We need someone who is not afraid to ask “why?” and dig deeper. When a solution is presented, you think of edge cases or potential failure points. You can prioritize risks (not all issues are equally critical) and focus the team’s attention on what matters most. 
  • Communication Skills: Outstanding communication and interpersonal skills are a must. Since you’ll interface with a wide range of colleagues – from highly technical IT architects to non-technical business sponsors – you must be able to adjust your communication style to your audience. You’re adept at explaining complex topics in simple terms and can craft a convincing argument when advocating for a security improvement. Fluency in English is required (our working language); additional language skills are a bonus in our multicultural environment. 
  • Collaboration & Influence: A track record of working well in cross-functional teams and the ability to influence without direct authority. You should be confident and assertive enough to challenge ideas when necessary, but also diplomatic and solutions-oriented. We value a positive approach: instead of just saying “No, this is risky,” you propose alternatives and work with the team to fix the issue. Strong stakeholder management skills – keeping people informed, building trust, negotiating priorities – will serve you well. Think of yourself as an internal consultant who helps teams succeed safely. 
  • Knowledge of RFI/RFP Processes: Hands-on experience or familiarity with procurement processes, especially RFI/RFP, is a big plus. Perhaps you’ve helped gather requirements for a vendor selection, or you’ve been on the receiving end as a vendor. Understanding how to formulate questions for vendors and how to evaluate their answers will be part of your job. If you know terms like “vendor due diligence” or have used scoring matrices to compare proposals, mention it! 
  • Adaptability and Proactiveness: We work in a fast-paced, evolving environment. Projects and priorities can shift, new risks emerge – we need someone who can adapt quickly and maintain composure under pressure. Being proactive is also critical: rather than waiting for issues to come to you, you go out and find them. For example, if you hear about a new project in a planning phase, you might reach out to get involved early. We love self-starters who take initiative. 
  • Integrity and Accountability: Because this role acts as a guardian of sorts, we need someone with a strong sense of responsibility. You should be the kind of person who follows through on risk mitigation plans and keeps track of commitments. Ethical judgment is important too – you’ll be privy to sensitive information (like potential vulnerabilities or vendor confidential data), so handling that with integrity and discretion is expected. 

 

HOW CAN YOU MAKE HISTORY WITH US?

 

In this section, we outline what you’ll actually do on the job. Every day may be a bit different, but your key responsibilities will include: 

  • Embed Security & Compliance in Projects: Be the gatekeeper for IT security in projects. From day one of a project, you will ensure that security controls and compliance requirements are built into the plans. You’ll work closely with project managers to review project charters and technical proposals, identifying potential risks or compliance issues early on. If a marketing project wants to launch a new app, for example, you’ll check that data privacy and security measures are part of the design from the start. 
  • Architecture Design Review & Challenge: Don’t be afraid to ask the tough questions! You will review architecture diagrams and technical design documents for new systems or significant changes. Using your expertise, you’ll challenge design decisions constructively – pointing out weaknesses or suggesting better alternatives. For instance, if an architect proposes a certain cloud solution, you might question its resiliency or security configuration and propose enhancements. Your goal is to ensure that our solutions are robust, secure, and aligned with our internal guidelines before implementation. 
  • RFI/RFP Preparation and Evaluation: Collaborate with project teams on vendor selection processes. You’ll help craft RFI/RFP documents – basically, the questionnaires and requirements we send to potential vendors. When responses come in, you’ll dig into them: comparing vendor solutions, identifying any concerns (e.g. security gaps, unsupported features), and summarizing findings for decision-makers. For example, if we’re evaluating a new SaaS provider, you might assess their security certifications or architecture against our needs and provide a recommendation. 
  • Risk Identification & Mitigation: As the first line of defense, a big part of your job is to spot risks and drive their mitigation. You’ll maintain a risk register for each project or proposal you review – documenting issues like potential data exposure, architecture single points of failure, or non-compliance with policies. Then, you’ll work with the project team to address each item: maybe that means adding encryption, changing a design component, or getting a sign-off from our Data Privacy team. Your proactive risk management will prevent issues down the line, saving the company from incidents or costly rework. 
  • Liaison Between Technical and Non-Technical Stakeholders: You will act as a bridge between different groups. In practice, this means translating tech-speak for business folks and vice versa. During meetings, you might explain to a marketing manager why a certain approach is risky in plain language, and later discuss technical solutions with an architect to address that risk. You’ll also coordinate with our central Information Security (second line of defense) teams when needed – for example, to run a formal threat risk assessment or to consult on specialized security requirements. 
  • Policy Compliance & Governance: Ensure that all IT initiatives you touch adhere to our internal policies and standards. You’ll become well-versed in our IT controls, security policies, and any relevant regulations (GxP, GDPR, etc.). When reviewing designs or vendor proposals, you’ll check for compliance. If a project involves personal data, are we following our data protection standards? If a vendor will handle confidential info, do we have the right security clauses? You’ll flag any gaps and guide teams to remediate them. By doing this, you help maintain our company’s compliance and avoid headaches later. 
  • Security Awareness & Best Practices: As you work with various teams, you’ll also be an ambassador for good security practices. This could involve brief training moments, like advising a team on how to do a proper user access review, or sharing checklist templates for design reviews. Over time, your involvement will help uplift the overall security knowledge in project teams. In essence, you’re not just preventing problems – you’re teaching others how to prevent them too, creating a stronger first line of defense across the organization. 
  • Continuous Improvement: After projects finish, not everything will have gone perfectly – and that’s okay. You’ll help gather lessons learned relating to risk and security. Maybe an issue slipped through or a certain requirement was hard to meet; you’ll use that insight to update our RFI question library or design review process for next time. We value a mindset of continuous improvement, so part of your role is to make our first-line defenses smarter each time.

 

Examples of your impact: In one project, thanks to your early design review, a critical authentication flaw was fixed well before launch (avoiding a potential incident). In another case, your thorough RFP evaluation helped the team choose a vendor that not only fit our functional needs but also had a much stronger security posture, saving the company from future headaches. Your day-to-day work will directly translate into safer, more resilient IT solutions.