APPLY AS
Manager InfoSec Global IT Controls
Location: Kraków
Lead the design, definition and governance of global IT controls practices, incl. the framework of general IT controls, the management of master data and systems supporting IT general controls, the execution of certain enterprise IT controls, and the governance of global IT control execution.
Manage and develop a team of highly experienced IT General Controls (ITGC) practice specialists in charge of designing and supporting the corporate ITGC practice and related systems. Support IT management in governing the ITGC framework and provide timely factual information facilitating the ITGC operational execution.
Drive continuous ITGC process improvements for the company and determine the optimal cost of controls based on risk management disciplines.
• Lead the selection of global methodology frameworks for ITGC and champion their adoption in the company, in strong collaboration and alignment with other Information Security & Data Privacy teams as well as other IT platform/platform enabling teams.
• Foster a risk balanced entrepreneurship through the adoption of a global IT control framework within the IT organization to continuously improve IT products, services, solutions and organization efficiency and effectiveness within well understood and accepted risk boundaries. Support IT and business management in assessing and mitigating risks of non-adherence in an effective and cost-efficient way.
• Provide continuous guidance and advisory to the worldwide IT organization on the adoption of general IT controls including control applicability and specific requirements to facilitate adherence to all PMI policies and guidelines. Drive global IT control orchestration (i.e. control activity scheduling and dispatching) and lead global strategy and management of relevant control orchestration tools (e.g. SOFY or equivalent). Manage global execution of enterprise IT General Controls for PMI.
• Act as business owner of systems and processes supporting ITGC disciplines and provide the corporate vision for these. Manage a team of highly experienced IT General Controls (ITGC) specialists in charge of the management of master data and systems supporting IT general controls.
• Monitor and report on IT control effectiveness at global level (including financial reporting relevant control) and provide up-to-date and factual status information to the Information Security and Data Privacy Leadership Team on PMI posture regarding IT compliance domains and advise IS&DP management on recommended risk response strategies and actions. Lead the communication and engagement and escalation strategies with the IT Leadership Team on general IT control operational effectiveness for the respective global platforms to maximize the assurance that IT services and products meet the current and future IT compliance needs of PMI.
• Ensure information security and IT compliance expenditures, including capital expenditures, are properly documented, budgeted and approved in line with local and PMI requirements. Ensure that actual expenditures are within approved limits, timely accounted for, and that any deviation is immediately reported to the Information Security and Data Privacy management for subsequent assessment and decision.
• Lead and build a flexible, agile and innovative Global IT Controls organization that attracts, develops and retains the best talent in order to deliver an optimal general IT control framework required by PMI, currently and in the future.
• Minimum 8-10 years of experience in leading and evolving an information security or IT risk assurance function within a large organization
• Demonstrated experience in business process and IT audits (in compliance with Sarbanes Oxley Act)
• Deep understanding of IT processes: logical and physical access management, change management, system operations, system availability and continuity, risk assessment
• Proven track record in coaching, mentoring and developing technical staff, including providing career development planning and opportunities
• Excellent negotiation and influencing skills
• Good presentation, analytic, conceptual design, and decision-making skills
• Experience in multinational companies
• Deep knowledge of industry and regulatory requirements (e.g. SOX, GDPR, PCI-DSS, FDA Title 21 CFR Part 11, ISO 22301)
• Deep understanding of different IT control frameworks (Committee of Sponsoring Organizations of the Treadway Commission ('COSO'), ISACA Control Objectives for Information and Related Technologies (‘COBIT’), NIST Cybersecurity Framework), IT best practices (ITIL), audit standards and practices (AICPA Trust Services Criteria)
• Good knowledge of Eudralex Annex 11, Information Technology Infrastructure Library (ITIL), ISO 9000, ISO 20000
• private medical and dental care, life insurance
• subsidized meals in company canteens
• remote work opportunity and flexible working arrangements
• employee pension plan
• multisport program
• holiday, cultural & Christmas bonus
• wide range of trainings, optional language classes, further education and professional qualification support possibility
• free bike and car parking for all employees
PMI SCE was established in late 2005 in Krakow and since then is increasingly serving PMI affiliates’ financial accounting, human resources (HR), Procurement and Information Services (IT) needs in Europe, Middle East and Africa.
Manage and develop a team of highly experienced IT General Controls (ITGC) practice specialists in charge of designing and supporting the corporate ITGC practice and related systems. Support IT management in governing the ITGC framework and provide timely factual information facilitating the ITGC operational execution.
Drive continuous ITGC process improvements for the company and determine the optimal cost of controls based on risk management disciplines.
Responsibilities
• Lead the design, definition, and continuous governance of the global IT control framework for PMI offering the optimal combination of security, quality, reliability, availability and cost effectiveness. Drive continuous assessment, planning and implementation of current and future IT general control requirements for PMI in order to minimize risks regarding confidentiality, integrity, and availability of data as (to be) processed, stored, retained in information systems.• Lead the selection of global methodology frameworks for ITGC and champion their adoption in the company, in strong collaboration and alignment with other Information Security & Data Privacy teams as well as other IT platform/platform enabling teams.
• Foster a risk balanced entrepreneurship through the adoption of a global IT control framework within the IT organization to continuously improve IT products, services, solutions and organization efficiency and effectiveness within well understood and accepted risk boundaries. Support IT and business management in assessing and mitigating risks of non-adherence in an effective and cost-efficient way.
• Provide continuous guidance and advisory to the worldwide IT organization on the adoption of general IT controls including control applicability and specific requirements to facilitate adherence to all PMI policies and guidelines. Drive global IT control orchestration (i.e. control activity scheduling and dispatching) and lead global strategy and management of relevant control orchestration tools (e.g. SOFY or equivalent). Manage global execution of enterprise IT General Controls for PMI.
• Act as business owner of systems and processes supporting ITGC disciplines and provide the corporate vision for these. Manage a team of highly experienced IT General Controls (ITGC) specialists in charge of the management of master data and systems supporting IT general controls.
• Monitor and report on IT control effectiveness at global level (including financial reporting relevant control) and provide up-to-date and factual status information to the Information Security and Data Privacy Leadership Team on PMI posture regarding IT compliance domains and advise IS&DP management on recommended risk response strategies and actions. Lead the communication and engagement and escalation strategies with the IT Leadership Team on general IT control operational effectiveness for the respective global platforms to maximize the assurance that IT services and products meet the current and future IT compliance needs of PMI.
• Ensure information security and IT compliance expenditures, including capital expenditures, are properly documented, budgeted and approved in line with local and PMI requirements. Ensure that actual expenditures are within approved limits, timely accounted for, and that any deviation is immediately reported to the Information Security and Data Privacy management for subsequent assessment and decision.
• Lead and build a flexible, agile and innovative Global IT Controls organization that attracts, develops and retains the best talent in order to deliver an optimal general IT control framework required by PMI, currently and in the future.
Skills & Experience:
• University degree (Computer Sciences, Information Systems, Engineering, Business Administration or equivalent) Professional certifications in IT audit or risk management (e.g. CISA, CISM, CRISC, CISSP)• Minimum 8-10 years of experience in leading and evolving an information security or IT risk assurance function within a large organization
• Demonstrated experience in business process and IT audits (in compliance with Sarbanes Oxley Act)
• Deep understanding of IT processes: logical and physical access management, change management, system operations, system availability and continuity, risk assessment
• Proven track record in coaching, mentoring and developing technical staff, including providing career development planning and opportunities
• Excellent negotiation and influencing skills
• Good presentation, analytic, conceptual design, and decision-making skills
• Experience in multinational companies
• Deep knowledge of industry and regulatory requirements (e.g. SOX, GDPR, PCI-DSS, FDA Title 21 CFR Part 11, ISO 22301)
• Deep understanding of different IT control frameworks (Committee of Sponsoring Organizations of the Treadway Commission ('COSO'), ISACA Control Objectives for Information and Related Technologies (‘COBIT’), NIST Cybersecurity Framework), IT best practices (ITIL), audit standards and practices (AICPA Trust Services Criteria)
• Good knowledge of Eudralex Annex 11, Information Technology Infrastructure Library (ITIL), ISO 9000, ISO 20000
WE OFFER
• company kindergarten possibility• private medical and dental care, life insurance
• subsidized meals in company canteens
• remote work opportunity and flexible working arrangements
• employee pension plan
• multisport program
• holiday, cultural & Christmas bonus
• wide range of trainings, optional language classes, further education and professional qualification support possibility
• free bike and car parking for all employees
FIND A NEW PATH
Our company offers you a fresh perspective. Here, you will never stop exploring and discovering. We take on-the-job learning to another level, giving you every opportunity to develop your career and reach your full potential. With innovative technologies, services, and processes, backed by a competitive salary and compensation package, you will work in a professional setting with clients and team members from all over the world.JOIN A GLOBAL MARKET LEADER
Philip Morris International Inc. (PMI) is the leading international tobacco company, with seven of the world’s top 15 brands, including the number one cigarette brand worldwide. PMI’s products are sold in more than 180 Markets.PMI SCE was established in late 2005 in Krakow and since then is increasingly serving PMI affiliates’ financial accounting, human resources (HR), Procurement and Information Services (IT) needs in Europe, Middle East and Africa.
APPLY ON-LINE IN ENGLISH
Please note that only on-line applications will be taken into consideration. Only selected candidates will be contacted.
Please note that only on-line applications will be taken into consideration. Only selected candidates will be contacted.
IT
