Position Title:  Senior IT Security Analyst - Data & AI Platform

*The functional job title is Senior IT Analyst, Data Platform Security

**The job can be based in Poland or Portugal.

MAKE HISTORY WITH US

At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.

With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions.

We are looking for a Senior IT Security Analyst - Data & AI Platform to join our group of IT experts that manage a broad portfolio of systems, tools, and technologies that serve the Data & AI Platform for the entire enterprise. 

Over the past few years, we have built a modern Data & AI Platform to enable PMI’s data-, analytics-, and AI-driven transformation. The platform is based on state-of-the-art architectures and technologies, covering data lake/lakehouse solutions, data ingestion and ELT, data management, data visualization and business intelligence, data science (advanced analytics and machine learning), as well as our latest AI stack, including the LLM Playground, Agentic Playground, and GenAI Platform. 

Our team is responsible for centrally building, evolving, and operating the global Data & AI Platform for the rest of PMI teams that develop data products, analytical solutions, and AI-driven applications on top of it. 

The Senior IT Security Analyst - Data & AI Platform will strengthen the existing Security team by acting as a 1st Line of Defense representative for information security. The role ensures that PMI’s Data & AI Platform is deployed and operated securely, effectively bridging the speed and agility of Product teams (Architecture, Engineering, Support) with strict adherence to enterprise policies and standards governed by 2nd Line of Defense functions (Information Security, Privacy, Legal). 

JOIN US

WHO ARE WE LOOKING FOR?

• University degree, preferably in Computer Science, Information Security, Cybersecurity, Engineering, or a related field

• Minimum of 5 years of experience in information security, IT risk management, or IT audit within a large organization. Industry certifications such as CISSP, CISA, or CISM are an advantage

• Demonstrated knowledge and practical implementation experience with global AI security standards, regulations, and frameworks (e.g., ISO/IEC 27090, EU AI Act, OWASP AI Exchange)

• Experience supporting and securing AI/ML platforms built on a modern technology stack, spanning model development and hosting (e.g., Amazon SageMaker), foundation model consumption (e.g., Amazon Bedrock), LLM orchestration (e.g., LiteLLM), observability and evaluation (e.g., LangSmith), automation workflows (e.g., n8n), and third‑party AI services and enrichment tools (e.g., Tavily, Nova Lite)

• Proven experience defining and operationalizing secure shared‑responsibility models for AI/ML platforms and product teams consuming them, ensuring security and compliance are enforced by default through platform‑level and product‑level controls (e.g., model and agent access restrictions, data boundary enforcement, secure prompt and output handling, model lifecycle governance, and human‑in‑the‑loop controls)

• A solid understanding of data platform concepts (e.g., data warehouse, data lake, lakehouse, data mesh), architectural differences (e.g., centralized vs. decentralized data ownership, batch vs. streaming pipelines, cloud-native vs. on-premise platforms), together with their security implications (e.g., access control models, data lineage and auditability, encryption, data classification)

• A general understanding of internationally recognized frameworks and standards (e.g., ISO 27001, SOC 2) and regulatory requirements (e.g., SOX, GDPR) relevant to information security, privacy, and data protection

• A problem solver with excellent organizational skills

• A disciplined and autonomous individual in handling demands within a constantly changing environment and working closely to deliver committed results

• Be courageous and determined to get things done through others, able to persuade them into executing on your request, tracking timelines, and escalating if necessary

• Strong presentation, verbal, and written communication skills in English with the ability to articulate complex ideas in easy-to-understand business terms to all levels of the organization

• The ability to effectively manage multiple stakeholders and competing priorities with high attention to detail

WHAT WE OFFER YOU?

Important note: The benefits list depends on where the selected candidate will be hired: in Poland or in Portugal. We are open for both locations.

Benefits in Poland:

• In this position you will earn no less than PLN 17 600 gross per month
• Private medical and dental care, life insurance
• Hybrid model of work and flexible working arrangements (40% of office work and 60% of home office / month)
• Employee pension plan
• Lunch card, Multisport & Cafeteria program
• Wide range of trainings, language learning platform, further education and professional qualification support possibility
• Free bike and car parking for all employees

Benefits in Portugal:

• Permanent local contract with a competitive salary together with Tabaqueira’ s employee benefits
• Life and Health insurance
• Employee Pension Plan
• Hybrid working model (or fully remote)
• Growing opportunities within the Company, both at national and international level
• Very diverse and international work environment
• Wide range of trainings and further education and professional qualification support possibility

HOW CAN YOU MAKE HISTORY WITH US?

• Act as the designated security single point of contact for one or more Product Teams, supporting a portfolio of tools, technologies, and platform capabilities within the PMI Data & AI Platform, and serving as an embedded 1st Line of Defense representative supporting day‑to‑day product delivery while ensuring security and compliance with company policies and standards

• Support initiatives delivering new systems or evolving existing ones by performing hands‑on security reviews across the delivery lifecycle, including stage‑gate reviews such as Third‑Party Due Diligence, Vendor Contract Reviews, Solution Outline Reviews, Threat Modeling, Migration Plan Reviews, Access Model Implementation Reviews, System Integration Reviews, and security testing activities (e.g., SAST, DAST, penetration testing)

• Drive adherence to business‑as‑usual security processes across Product Teams (e.g., patch management, vulnerability management, and IT resilience)

• Be accountable for timely remediation of security risks, findings, and vulnerabilities

• Design and build security observability capabilities, in close collaboration with Site Reliability Engineering teams, to enable active monitoring, reporting, and governance of key security metrics for systems across the Data & AI Platform

• Continuously improve security processes and ways of working across the Data & AI Platform, reducing friction and bottlenecks by leveraging AI and automation to deliver measurable efficiency gains (e.g., faster throughput, improved consistency, reduced handoffs, and recovered engineering capacity)

• Support the execution of key enterprise Information Security programs for systems under the Data & AI Platform scope

• Partner closely with 2nd Line of Defense functions (e.g., Information Security, Privacy, Legal) to ensure the Data & AI Platform remains compliant with applicable policies, standards, and regulatory expectations

Please note that only on-line applications will be taken into consideration.

Each person who sends the application will receive information about its status.

#Li-hybrid

At PMI we run the business in line with ethical principles and encourage SpeakUp culture. We care for equal chances and fair treatment. If you find anything that violates these principles in this job offer or the recruitment process, you may contact our Ethics and Compliance Team at PMIEthicsandCompliance@pmi.com. Read more about Ethics&Compliance at PMI – here.