The purpose of this role is to lead and grow a team of highly experienced Information Security Management System (ISMS) specialists in charge of defining and maintaining the corporate ISMS framework, supporting IT management in defining, implementing, and maintaining that framework, and assessing and mitigating the risks of non-adherence in an effective and cost-efficient way. Lead the definition and formalization of the ISMS methodology and processes. Champion the adoption of the ISMS framework with the IT leadership team and drive its mid/long-term adoption, in collaboration and alignment with other Information Security & Data Privacy teams as well as other IT platform/platform-enabling teams.
Dimensions: Supervise 1-5 staff across multiple locations; determine risk management methods and standards for > 1,500 systems; supervise 2-5 external information security management system SMEs, on-site or remotely; demonstrate leading expertise in 5+ global IT risk management and information security frameworks used for strategic development of the information security management framework at PMI; direct security investments of up to $1 Mio per year.
ACCOUNTABILITIES:
- Lead the design, development and improvement of the Company’s enterprise Information Security Management System (ISMS) framework. Analyze and determine which components of internationally recognized ISMS frameworks are critical to PMI business processes. Design, implement and deploy in PMI the ISMS processes, documentation framework, and related procedures. Analyze and convert the ISMS needs of IT leadership stakeholders into conceptual requirements, and provide relevant information related to these risks in a digestible format to the IT leadership team.
- Drive, hands-on, the execution of the ISMS framework roadmap and its adoption across the Company. Design the documentation framework required to support the ISMS concepts so that it is as simple and easy to lead and use as possible for all IT people. Design and lead a complete taxonomy of documents to achieve the ISMS framework scope and objectives, and ensure that all requirements from other related documentation frameworks, such as the corporate RRP Quality Management System, are met.
- Lead a team of highly skilled ISMS specialists using up-to-date ISMS frameworks and methodologies, priority setting, leadership and coaching. Ensure the team proactively supports other IT platform/platform enabling teams by providing Subject Matter Expertise for the respective domains of specialization in information security, quality management and risk management.
- Coordinate the research, evaluation, recommendation and implementation of new or updated ISMS disciplines that help identify information security management gaps in PMI and their related risk exposures, and that allow IT leaders to define mitigation activities in a timely manner. Establish and maintain relevant relationships with technology vendors and other business partners.
- Partner with other Information Security teams to continuously improve the overall ISMS framework and achieve higher levels of information security maturity, e.g. by maximizing the use of automation and data analytics. Support the definition of strategic, comprehensive information security, quality management and risk management programs.
- Provide risk management expertise to 150+ colleagues in Information Security and other IT functions on matters such as risk identification, risk evaluation and assessment, risk mitigation strategies and actions.
SKILLS AND COMPETENCIES:
- Master's degree in computer/data science, electronic/electric/telecommunication engineering or equivalent.
- Professional certifications in Information Security or Cybersecurity (e.g. Certified Information Systems Security Professional, Certified Information Security Manager, Certified Information Systems Auditor, Certified in Risk and Information Systems Control, Certified in the Governance of Enterprise IT, ISO 27001 Lead Auditor/Implementer)
- Minimum 10 years of experience in leading and evolving an information security or IT risk assurance discipline within a large organization
- Demonstrated experience in implementing and maintaining a risk management framework in a modern IT environment comprising cloud computing, Big Data, DevOps, IoT, next-generation firewalls, identity & access management and data leakage prevention solutions
- Consistent track record in coaching, mentoring and developing technical staff, including providing career development planning and opportunities
- Deep knowledge of industry and regulatory requirements (e.g. SOX, GDPR, PCI-DSS, ISO 2700x)
- Considerable technical writing proficiency, story-telling and oral presentation skills, analytic skills, conceptual design skills and decision-making skills
NICE TO HAVE:
- Practical experience in implementing Information Security management systems such as the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30, NIST SP 800-37, NIST SP 800-38, NIST SP 800-53, ISO 2700x, Information Security Forum (ISF), COBIT 5, AICPA Trust Service Criteria
- Experience in Agile development methodology, COSO framework, Sarbanes-Oxley (SOX) compliance, PCI-DSS compliance
- Good knowledge of FDA Title 21 CFR Part 11, Eudralex Annex 11, EU GDPR, Information Technology Infrastructure Library (ITIL), ISO 9000, ISO 20000, ISO 22301, COBIT
WE OFFER:
- private medical and dental care, life insurance
- subsidized meals in company canteens
- remote work opportunity and flexible working arrangements
- employee pension plan
- multisport program
- holiday, cultural & Christmas bonus
- wide range of trainings, optional language classes, and support for further education and professional qualifications
- free bike and car parking for all employees
FIND A NEW PATH
Our company offers you a fresh perspective. Here, you will never stop exploring and discovering. We take on-the-job learning to another level, giving you every opportunity to develop your career and reach your full potential. With innovative technologies, services, and processes, backed by a competitive salary and compensation package, you will work in a professional setting with clients and team members from all over the world.
JOIN A GLOBAL MARKET LEADER
Philip Morris International Inc. (PMI) is the leading international tobacco company, with seven of the world’s top 15 brands, including the number one cigarette brand worldwide. PMI’s products are sold in more than 180 markets.
PMI SCE was established in late 2005 in Krakow and has since been increasingly serving PMI affiliates’ financial accounting, human resources (HR), Procurement and Information Services (IT) needs in Europe, the Middle East and Africa.