Position Title:  Manager IT Information Security R&D - Digital Quality

Be a part of a revolutionary change - find your future in our future

At PMI, we’ve chosen to do something incredible. We’re transforming our business and building our future with one clear purpose – to deliver a smoke-free future. We're disrupting our company from the inside out. Our transformation is redefining every area of our business. From where and how we make and sell our products—to how we engage our consumers and society.

To support this vision, PMI is evolving into a science and technology-based, consumer-facing, multi-category company—and Information Technology (IT) is a vital partner in helping to lead the way. As we accelerate PMI's vision, we get to dream big too.

With unique and transformative IT projects matching all levels of skill and ambition, we've taken on the spirit of a start-up, with the freedom to craft and define our digital future, but with the support and scope of a vast global business.

We are looking for a Manager IT Information Security R&D - Digital Quality, based in Albarraque (Portugal)

In this role you will lead the cybersecurity forefront activities for the planning, implementation and support of Quality and Regulatory systems across Global R&D and Business Units. Self driven, you will engage with Solution and Domain architects to ensure Secure by Design principles are applied, you will engage with Delivery Teams to ensure Systems are delivered in line with Information Security guidelines, and finally you will ensure Service Excellence teams maintain the Systems in compliance with the IT Policy Framework.

YOUR DAY TO DAY

• Act as SPOC for Information Security to implement, report and follow up on risk reduction activities with projects and BAU, work together with key partners to oversee security improvement activities.
• Engages with business stakeholders from the R&D function on projects and activities that require Information Security expertise and advice.
• Support cybersecurity requirements for Analytical and Quality Controls Laboratories
• Engage with business and IT platform peers throughout system lifecycle on "security-by-design" and "privacy-by-design" concepts, methods and tools.
• Perform active governance on key security metrics for systems (e.g. Vulnerabilities, Risks) under your responsibility.
• Conduct software security assessments and approvals. 
• Evaluate new technologies (e.g., AI, ML, IoT) for security implications.
• Perform or take accountability for general IT control activities in scope of the solutions including evaluating 3rd party cyber maturity and performing ongoing vendor risk governance.
• Lead the creation and review of security clauses in contracts, ensuring alignment with PMI security standards and regulatory requirements, incl. TPISS.
• Monitor adherence to contractual security obligations and escalate non-compliance issues. Ensure timely remediation of findings from third-party assessments and track progress to closure.
• Take part in security awareness trainings and provide coaching, trainings, promoting webinar attendance or similar activities to raise the security awareness of the function
• Actively participate in cyber incidents impacting solutions under your responsibility, from identification to eradication, working closely with central/platform IT teams and InfoSec (e.g. SOC and IRM)
• Perform risk assessments and vulnerability management activities for functional support areas. Manage, monitor, and report on the full lifecycle of risk management at the system or platform level, from identification to closure
• Drives cybersecurity resilience activities in the assigned functional domain. Drive continuous improvement through security maturity assessments. 
• Represent IT during internal or external audits.

WHO WE’RE LOOKING FOR

• Experience: Minimum 8 years of experience in an information security, IT risk management or IT audit function within a large organization
• Proven track record in supporting development teams throughout all phases of secure systems development life cycle (design, development, maintenance)
• Good knowledge of typical application design patterns (e.g. web, mobile, thick client, APIs, etc.)
• Good understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
• Good understanding of modern technologies such as IoT, Machine learning, automation.
• Knowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)
• Familiarity with most common web application security issues (e.g. OWASP top 10)
• General understanding of regulatory requirements (e.g. GxP, GDPR/Data Act, Chinese cyber and privacy laws) and their impact on systems.
• Experience working with electronics manufacturing and supply chain service providers.
• Strong communication skills and ability to explain technical topics to non-technical people
• Practical experience in Agile/DevOps organizations and cultures

Ultimately, personality means more to us than skills. If you have the passion and mindset, we’d urge you to apply: we will help you develop the skills.

WHY SHOULD YOU JOIN US?

What we offer:

Join PMI and you too can:

Seize the freedom to define your future and ours! We’ll empower you to take risks, experiment and explore

Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong

Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress

Take pride in delivering our promise to society: to improve the lives of a billion smokers!