Philip Morris International
,
London, Greater London
Senior Information Security Analyst
Overview
Job Description
Be a part of a revolutionary change At PMI, we've chosen to do something incredible. We're totally transforming our business, and building our future on smoke-free products with the power to improve the lives of a billion smokers worldwide. With huge change, comes huge opportunity. So, wherever you join us, you'll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions. PMI's journey to a smoke-free future is fuelled by technology. The total transformation we're going through means that there are unique IT projects here to match all levels of skills and ambitions - from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there's space here to develop in any number of directions. To join us in IT you'll need to be driven and equally happy whether you're taking the strategic view or diving deep into processes. We'll make sure you're set up to succeed whatever your project is, our culture is agile and collaborative, and we genuinely believe our people are some of the best you'll ever work with. Your 'day to day' Act as a first contact point for IT platform teams on information security related topics and lead the execution of key information security assurance activities (e.g. third party due diligence, negotiation of data protection clauses, validation of system access models, integration with PMI's identity and access management solutions, alignment of system security configurations with internal and external requirements, etc.). Manage the security related activities of cross functional, international teams within Information Security along with external partners, vendors and local teams. Support IT platform teams in understanding applicable internal and external information security requirements and effectively embedding them in the deployment of new systems or operation of existing systems. Assess compliance of PMI systems with applicable internal and external information security requirements and communicate any gap to the relevant stakeholders for appropriate risk mitigation, transfer or acceptance. Evaluate the information security posture of third parties/business partners that the Company works with using variety of tools and techniques. Inform relevant stakeholders about identified risks and the need for additional measures required to ensure that PMI's data is protected adequately. Ensure that IT systems used across the Company are designed, implemented and operated in a secure manner. Continuously optimize information security related processes by exploring new techniques and methodologies to ensure that IT platform teams are adequately and effectively supported during all phases of system development life cycle. Raise awareness across the organization by delivering trainings, webinars or similar activities that reduce the number of repeated application security weaknesses and gaps with internal or external information security requirements. Who we're looking for University degree in computer/data science, electronic/electric/telecommunication engineering or equivalent. Professional certifications in Information Security (e.g. Certified Information Systems Security Professional) or IT audit (e.g. Certified Information Systems Auditor) not mandatory but strongly preferred. Minimum 4 years of experience in an information security, IT risk management or IT audit function within a large organization Demonstrated experience in leading and coaching junior staff Good knowledge of typical application design patterns (e.g. web, mobile, thick client, etc.) Strong understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security Knowledge of fundamental identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID) Familiarity with most common web application security issues (e.g. OWASP top 10) General understanding of regulatory requirements (e.g. SOX, GDPR, PCI) and their impact on systems Strong communication skills and ability to explain technical topics to non-technical people The job/role offer is subject to valid right to work in UK What we offer Our success depends on the men and women who come to work every single day with a sense of purpose and an appetite for progress. Join PMI and you too can: Seize the freedom to define your future and ours. We'll empower you to take risks, experiment and explore. Be part of an inclusive, diverse culture, where everyone's contribution is respected; collaborate with some of the world's best people and feel like you belong. Pursue your ambitions and develop your skills with a global business - our staggering size and scale provides endless opportunities to progress. Take pride in delivering our promise to society: to improve the lives of a billi