Position Title: Senior IT Analyst - Data Platform Security
Krakow, MA, PL, 31-982
MAKE HISTORY WITH US!
At PMI, we’ve chosen to do something incredible.
We’re totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.
With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions.
IT at PMI
PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer facing organisation.
Such a shift creates an abundance of unique and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career.
Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business.
THE PURPOSE OF THIS ROLE
We are looking for a Senior Analyst, Data Platform Security to join our Data Platform group of IT experts. This team manages a widespread portfolio of systems, tools, and technologies that serve the Data Platform at PMI.
The Senior Analyst, Data Platform Security will strengthen our existing Data Platform Security team, acting as a 1st Line of Defense (1st LoD) for information security. You will ensure that PMI Data Platform systems are deployed and maintained securely, collaborating closely with Engineering teams to meet InfoSec standard requirements.
WHO ARE WE LOOKING FOR?
In this role, you MUST:
-
· Have a university degree, preferably in Computer Science, Information Security, Cybersecurity, Engineering, or a related field
· Have a minimum of 5 years of experience in an information security, IT risk management, or IT audit function within a large organization. Industry certifications such as CISSP, CISA, or CISM are a plus
· Have a solid understanding of data platform concepts (e.g., data warehouse, data lake, lakehouse, data mesh), architectural differences (e.g., centralized vs. decentralized data ownership, batch vs. streaming pipelines, cloud-native vs. on-premise platforms), and security implications (e.g., access control models, data lineage and auditability, encryption, data classification)
· Have a general understanding of internationally recognized frameworks and standards (e.g., ISO 27001, SOC 2) and regulatory requirements (e.g., SOX, GDPR) relevant to information security, privacy, and data protection
· Be familiar with data platform tools and technologies (e.g., Snowflake, Databricks, dbt Cloud, Matillion) as well as key cloud hosting services (e.g., AWS, Microsoft Fabric)
· Be a problem solver with excellent organizational skills
· Be disciplined and autonomous in handling demands within a constantly changing environment and working closely to deliver committed results
· Be courageous and determined to get things done through others, able to persuade them into executing on your request, tracking timelines, and escalating if necessary
· Have strong presentation, verbal, and written communication skills in English with the ability to articulate complex ideas in easy-to-understand business terms to all levels of the organization
· Have the ability to effectively manage multiple stakeholders and competing priorities with high attention to detail
HOW WILL YOU MAKE HISTORY WITH US?
In the role of the Senior Analyst, Data Platform Security you will:
-
Own key security processes and drive process adherence for systems of PMI Data Platform to achieve SLA/KPI compliance
-
Patch Management: Ensure all infrastructure and software are regularly patched and upgraded
-
Vulnerability Management: Ensure all identified vulnerabilities are closed within SLA
-
IT Risk Management: Ensure all IT risks have updated action plans in place and that these action plans are executed on time
-
IT Resilience: Ensure all critical systems have backup, restore, and IT Disaster Recovery arrangements in place and that they are documented (e.g., IT DR Plan) and regularly tested (e.g., backup restoration testing, IT DR Plan testing)
-
Lead, in strong partnership with Product Owners and Engineering Managers, adherence of PMI Data Platform systems to all PMI policies and standards defined in PMI's IT Policy Framework (ITPF)
-
Support projects (implementation of new and evolution of IT applications) and existing products and systems throughout their entire life-cycle in all IT security-related topics
-
Conduct security reviews for projects according to PMI’s stage-gate process, including Vendor Contract Reviews, Solution Outline Reviews, Threat Model Reviews, Migration Plan Reviews, Access Model Implementation Reviews, System Integration Reviews, etc.
-
Act as a single point of contact (1st LoD) for one or more Digital Products (a collection of systems under the PMI Data Platform), which may require hands-on experience with specific system implementations and their security configurations
-
Design and build, in collaboration with the Site Reliability Engineering Team, the security observability capability to enable active monitoring, reporting, and governance on key security metrics for systems under the PMI Data Platform
-
Support the execution of key PMI Information Security Programs for systems under the PMI Data Platform, such as onboarding of system logs to SIEM, enablement of MFA, implementation of new RBAC/ABAC models, etc.
-
Act as a single point of contact between PMI Data Platform teams and risk assurance functions at PMI
-
Partner with Information Security (2LoD) to ensure that PMI follows best practices and latest market standards for systems under the PMI Data Platform
