Information Security Leader

MAKE HISTORY WITH US!

At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on one clear purpose – to deliver a smoke-free future.

With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer facing organisation.

Such a shift creates an abundance of unique and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career.

Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business.

IT HUB Krakow

With a team of over 300 and more than 20 nationalities, the IT HUB Krakow plays a critical role in creating a smoke-free future around the world. Become a part of a team of engineers, technicians, experts, solid IT freaks, researchers and game changers and create new IT work standards with us!

JOIN US!

Purpose Of The Role

We are looking to fill the Manager IT Information Security (First Line of Defense) position to strengthen the existing team located in Poland and expand the coverage of activities to cover the Vectura Fertin Pharma entity landscape. This position will report directly to the Manager IT Information Security and act as his backup.

This position is the perfect opportunity for a cybersecurity manager or a more technical profile (e.g. senior cybersecurity engineer) ready to shift towards a managerial position. This wide scope of activities and technologies offers interesting challenges. Running at the forefront of PMI's Digital Transformation, The First Line of Defense offers guidance, solutions and advisory all across PMI, supporting our secure journey towards a smoke-free future.

The ideal candidate is technically proficient and possesses a broad knowledge in cybersecurity, proactive self-management, a customer-oriented approach and the ability to engage effectively with cross-functional teams.

WHO ARE WE LOOKING FOR?

• Bachelor or Masters’ degree in Information Technology or equivalent
• Minimum 5 years of experience in an information security, IT risk management or IT audit function within a large organization with risk management qualifications (CISSP, CCSP, CISM, CompTia Security+, etc.)
•  Trusted advisor to IT management on information security aspects of company data processing (e.g.: access management, backup & resilience, IT controls, contractual and regulatory obligations, data at rest and in transit, encryption)
•  Advisor the IT organization and the wider business on adoption of a risk-based decision-making culture to accelerate our business transformation, while handling risk and meeting regulatory compliance requirements as a part of a governance, risk, and compliance (GRC) framework
•  You maintain and renew a knowledge and understanding of technical and compliance aspects of security (e.g.: common application security issues, identity and access management concepts, cloud computing architectures, regulatory requirements (e.g. GxP, GDPR, PCI) and their impact on systems)
• Proven track record in supporting development teams throughout all phases of secure systems development life cycle (design, development, maintenance)
• Good knowledge of typical application design patterns (e.g. web, mobile, thick client, etc.)
• Good understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
• Good understanding of modern technologies such as IoT, Machine learning, automation, generative AI
• Knowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)
• Familiarity with most common web application security issues (e.g. OWASP top 10)
• General understanding of regulatory requirements (e.g.GxP, FDA) and their impact on systems
• Experience working with supply chain partners and service providers
• Strong communication skills and ability to explain technical topics to non-technical people
• Practical experience in Agile/DevOps organizations and cultures
• Teamwork and collaboration across cultures and geographies
  
  

Preferred Requirements

• Understanding of Pharma related security including Quality, Research & Innovation and In-silico drug development
• Experience in supporting Product Development/Pre-Clinical & Clinical Trials/Labs environments
• Cloud security certifications (AWS, Azure etc)
  
  

WHAT WE OFFER YOU?

• Private medical and dental care, life insurance
• Lunch card (Sodexo)
• Remote work opportunity and flexible working arrangements
• Employee pension plan
• Multisport program
• Cafeteria program
• Wide range of trainings, optional language classes, further education and professional qualification support possibility
• Free bike and car parking for all employees
• Eligibility to participate in Copyrighted Work program (possibility to increase tax-deductible costs)
  
  

HOW CAN YOU MAKE HISTORY WITH US?

• Act under the supervision of the Manager IT Information Security to implement, report and follow up on risk reduction activities with projects and BAU; and work together with key stakeholders to oversee security improvement activities
• Engage with business stakeholders from the Life Sciences function on projects and activities that require Information Security expertise and advice
• Engage with business and IT platform peers throughout system lifecycle on "security-by-design" and "privacy-by-design" concepts, methods and tools
• Perform active governance on key security metrics for systems under his/her responsibility
• Perform or take accountability for general IT control activities in scope of the solutions including evaluating 3rd party cyber maturity and performing ongoing vendor risk governance
• Lead security awareness trainings and provide coaching, trainings, promoting webinar attendance or similar activities to raise the security awareness of the function
•  Support projects (implementation or evolutions of IT applications) thought the process in all IT security related topics (supports RFPs and its outcomes, reviewing security related documentation and system configuration, identifying risk and point for attention)
•  Partner with Information Security (2LoD) to ensure that PMI follows best practices and latest market standards in application and system security by continuously optimizing tools, techniques and methodologies
• Take accountability or responsibilities of tasks required for the resolution of cyber incidents in impacting solutions under his/her responsibility, from identification to eradication, working closely with central/platform IT teams and InfoSec (e.g. SOC and IRM)
• Perform risk assessments and vulnerability management activities for functional support areas. Manage, monitor, and report on the full lifecycle of risk management at the system or platform level, from identification to closure
• Drives cybersecurity resilience activities in the assigned functional domain (e.g. back-up, restored, Disaster Recovery)
• Support during internal or external audits
• Support the Qualification and Validation activities required for GxP systems
• Ensure information security standards are applied to Laboratory Systems and Instruments
• Act as the Manager IT Information Security’s backup
  
  

Where we See This Role Going

•     As we progress on our business transformation journey, the First Line of Defense will help drive the adoption of PMI IT Security Standards to help protect our business and data
•     The role actively participates in securing the portfolio with opportunities to co-design approach and driving it together with colleagues
•     We see this role further growing with the function and the company, and are looking for an experienced profile with the clear willingness to help secure the application portfolio within the IT organization
  
  

3726