MAKE HISTORY WITH US!At PMI, we've chosen to do something incredible. We're totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.With huge change, comes huge opportunity. So, wherever you join us, you'll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions.IT at PMIPMI's journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer-facing organisation. Such a shift creates an abundance of outstanding and transformative IT projects to match all levels of skills and ambitions.You'll feel like you're working in a start-up – with the freedom to shape and define the digital future, but with the support and scope of a vast global business. You'll get a chance to work with groundbreaking technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there's no better place to progress your career.Digital at PMI is dynamic and diverse. Join us and become a part of a top talent team where you can bring new insights to life in a global function that is a key driver of the success of our business.Joining Information SecurityRunning at the forefront of PMI's Digital Transformation, Information Security offers guidance, solutions and advisory all across PMI, supporting our secure journey towards a smoke-free future.Our scope ranges from security assessments, architecture, governance and risk advisory, through resilience, cyber threat intelligence and incident response, to supporting PMI Functions, Markets, and Platforms (e.g. Finance, People & Culture, Operations, Consumer or Product) and building an organizational security culture.JOIN US!WHO ARE WE LOOKING FOR?Proven experience, preferably in a large organization or consulting companies, in at least one of the areas:IT assurance: IT security, IT risk management, IT audit, IT controlsoffensive security: ethical hacking, penetration testing, vulnerability assessment, red teamingsecure software development: S-SDLC, DevSecOpsProfessional certifications in at least two of the following domains:IT systems security and auditing (e.g. CISA, CISSP, CRISC, CISM)cloud technologies (e.g. AWS, Azure, Salesforce)ethical hacking (e.g. OSCP, GIAC Penetration Tester, CEH)Proven track record in performing IT security assessments or IT audits for large scale solutionsGood knowledge of typical application design patterns and their attack vectors (e.g. web, mobile, thick client, etc.)Strong understanding of modern application architectures including microservices, containers, APIs, serverless technologies and cloud environmentsKnowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10Considerable technical writing proficiency and oral presentation skillsWHAT WE OFFER YOUWide range of trainings, optional language classes, further education and professional qualification support possibilityPrivate medical and dental care, life insuranceLunch card (Sodexo), Multisport & Cafeteria programHybrid model of work and flexible working arrangementsEmployee pension planFree bike and car parking for all employeesHOW CAN YOU MAKE HISTORY WITH US?Identify cybersecurity gaps in PMI applications and systems using a wide variety of methods, e.g. threat modeling, architecture reviews, access model reviews, configuration reviews, static and dynamic application security testingEvaluate the security posture of the third party solutions using TPCRM methodologies with cybersecurity focusAnalyze the scope, methodology and results of cybersecurity activities (e.g. ethical hacking) performed by third parties around the presence of vulnerabilities in systems used or to be used by PMIFollow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over security testing deliverables provided by vendorsDescribe and demonstrate identified issues in various forms (e.g. reports, technical debt definitions) and ensure that relevant collaborators understand the risk that those vulnerabilities pose to the CompanyAdvise IT teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient wayPartner with other Information Security leaders to ensure that PMI follows standard processes in the application security testing domain by continuously optimizing tools, techniques and methodologiesKeep up to date with the constantly evolving cyber threat landscape and the latest developments in IT risk management and contribute to PMI's security standardsPlease note that only online applications will be taken into consideration. Only selected candidates will be contacted. #LI-Hybrid#J-18808-Ljbffr
