Purpose of this role is to manage and expand a team of highly experienced IT InfoSec training and awareness specialists in charge of leading the definition, implementation and monitoring of global information security training and awareness programs. Lead with the Information Security & Data Privacy leadership team the InfoSec global communication strategy definition and planning and drive the execution of the global InfoSec communication plan. Accountable for the effective execution of global InfoSec awareness campaigns and monitor related KPIs.
Dimensions: Supervise 1-2 staff across multiple locations; lead the definition of IT InfoSec training and awareness strategies for the company; supervise 1-3 external IT SMEs in InfoSec training and awareness management, on-site or remotely; demonstrate good knowledge in 3+ global IT risk management and information security frameworks used for strategic development of information security risk management at PMI; direct security investments of up to $1 Mio/yearly.
Accountabilities:Lead in close collaboration with the Information Security & Data Privacy (ISDP) leadership team the definition of the global communication and training strategy and implementation roadmap of the Information Security & Data Privacy team. Drive the global ISDP communication and training program implementation and manage the continuous update of the ISDP team internal communication channels,
Lead the design, implementation and monitoring of global InfoSec training and awareness programs and foster a risk balanced entrepreneurship within the IT organization to continuously improve IT products, services, solutions and organization efficiency and effectiveness within well understood and accepted risk boundaries.Ensure and demonstrate that ISDP global communications and training/awareness campaigns are fully aligned with ISDP strategies and that the ISDP strategies are aligned with enterprise strategic priorities and enablers and address key enterprise risks and regulatory requirements. Support the definition of communication needs of other key ISDP programs and their effective execution,
Select and use optimally solutions supporting InfoSec training and awareness programs, including automated training platforms for phishing awareness campaigns. Define InfoSec awareness campaign themes in coordination with relevant advisory functions, supervise the awareness campaign execution and timely report to ISDP leadership team on the effectiveness of these campaigns,
Design, build and showcase specific InfoSec workshops to be organized in key IT delivery locations to demonstrate the pervasiveness and extent of modern cyber attacks and raise awareness and ability to respond faster to cyber attacks in the IT community,
Lead the design, evaluation, implementation, and development of new or updated global InfoSec or data privacy awareness materials that will help raising awareness and knowledge in the company on IT information security and data privacy risks and key strategic initiatives. Establish and maintain meaningful relationships with technology vendors and other business partners in this domain.
Partner with other Information Security & Data Privacy teams to continuously identify new cyber security or information protection trends, collect feedback on existing ones, design and deliver related communication and awareness materials to achieve higher levels of information security maturity within the organisation,
Manage a team of highly skilled IT InfoSec training and awareness specialists to deploy industry leading training and communication programs within PMI. Ensure the team proactively supports other ISDP and IT teams through program coordination on training and commutation matters,
Liaise with and feed the InfoSec & Data Privacy Leadership Team, the IT Strategy & Planning team, and tother IT platform team with detailed up-to-date information on all ISDP training and awareness campaigns progress and results.
Skills and proficiencies:• University degree (Computer Sciences, Information Systems, Engineering, Business Administration or equivalent),
• Professional certifications in IT Security or cyber security (e.g. ISC2 CISSP, ISO 27001, SANS GIAC, ISACA CISA, EC-Council CEH, etc.),
• 8 to 10 years of experience in Information Security, IT Audit or Information Technology,
• Experience in multinational Co.,
• Experience in Vendor Management,
• Understanding of key IT delivery processes and business processes,
• Experience in management of remote and multi-cultural resources,
• Good knowledge of industry and regulatory requirements (e.g. SOX, GDPR, ISO 9001, PCI DSS, NIST).
Nice to have:• Facility around higher management,
• Challenging status quo,
• Superior writing proficiency, story-telling and oral presentation skills,
• Ability to encourage and influence others,
• High level of organisational skills, ability to work independently.
We offer:• private medical and dental care, life insurance,
• subsidized meals in company canteens,
• remote work opportunity and flexible working arrangements,
• employee pension plan,
• multisport program,
• holiday, cultural & Christmas bonus,
• wide range of trainings, optional language classes, further education and professional qualification support possibility,
• free bike and car parking for all employees.
FIND A NEW PATHOur company offers you a fresh perspective. Here, you will never stop exploring and discovering. We take on-the-job learning to another level, giving you every opportunity to develop your career and reach your full potential. With innovative technologies, services, and processes, backed by a competitive salary and compensation package, you will work in a professional setting with customers and team members from all over the world.
Join a global market leaderPhilip Morris International Inc. (PMI) is the leading international tobacco company, with seven of the world’s top 15 brands, including the number one cigarette brand worldwide. PMI’s products are sold in more than 180 Markets.
PMI SCE was established in late 2005 in Krakow and since then is increasingly serving PMI affiliates’ financial accounting, human resources (HR), Procurement and Information Services (IT) needs in Europe, Middle East and Africa.