Praca Information Security Manager Warszawa, mazowieckie

Praca Information Security Manager Warszawa, mazowieckie

JTI Polska profil

Jesteśmy wiodącą, międzynarodową firmą tytoniową, wywodzącą się z Grupy Japan Tobacco. Działamy w 130 krajach na świecie, zatrudniamy ponad 45 tys. osób i mamy w swoim portfolio jedne z najbardziej znanych marek, w tym Camel, LD, Winston oraz Logic dostępne na polskim rynku.

W Polsce zatrudniamy prawie 3 tys. pracowników i jesteśmy trzecim graczem w branży tytoniowej. Wkraczając na polski rynek w 2007 roku, postanowiliśmy, że na pierwszym miejscu zawsze będziemy stawiać naszych pracowników. Tworzymy kulturę opartą na współpracy, dzięki czemu w naszych zespołach panuje wyjątkowa atmosfera. Szerokie zakresy odpowiedzialności dają możliwość zdobycia nowej wiedzy i umiejętności, co przekłada się na świetną jakość działania oraz szybki rozwój naszej firmy. Stosujemy także najlepsze praktyki w zakresie rozwoju talentów, wdrażania nowo zatrudnionych osób czy możliwości szkoleniowych.

Nasze starania, by być najlepszym pracodawcą dla naszych pracowników, co roku zostają doceniane przez Top Employers Institute. Najlepszym dowodem na to jest przyznawany nam nieustannie od 2010 roku certyfikat Najlepszego Pracodawcy nie tylko w Polsce, a także w Europie (1. miejsce w rankingu w 2021 roku) oraz na świecie.

Firma: JTI Polska | Information Security Manager

Miejsce: Warszawa, mazowieckie

Opis stanowiska

  • BUSINESS RELATIONSHIP MANAGEMENT: Become the efficient link between Information security and JTI organization (Regions, markets, factories, leaf origins, global Business and IT functions, GBS, etc.). Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects and new initiatives as required.
  • PROGRAM DELIVERY: Drive the success of currently assigned information security projects in line with agreed plans, timelines and budget.
  • RISK & COMPLIANCE: Support the development of information security policies and accompanying risk assessments with identification of mitigating controls. Support development and delivery of planned compliance reviews to ensure the gaps are addressed.
  • REPORTING: Provide risk metrics and performance data to support the central reporting of overall cyber risk posture. Support development of information assets inventory to ensure the assets and related threats are identified.
  • RESILIENCE: Support cyber resilience management through facilitation of business impact analysis at local and global levels (such as factory, region, GBS, HQ). Support entities in their business continuity planning and maintenance efforts. Support disaster recovery process by assisting in awareness programs, promoting tools, procedures and guides to D&IT and relevant teams. Support coordination with regions the annual tests planning and execution.
  • AWARENESS: Educate stakeholders to increase information security awareness and improve risk culture by empowering the employees to understand cyber risk, what to look out for and what to do in the event of an incident. Support the security awareness program and campaigns to ensure the employees are aware how to better protect and defend themselves and ultimately JTI against cybercrime.
  • DIGITAL INVESTIGATIONS: Working with support from relevant functions and in line with the strict procedural requirements to support specific digital investigations in terms of Corporate Security, Data Privacy, Legal or other corporate functions when required.
  • INFORMATION PROTECTION: Ensure digital solutions (such as DLP, MIP) meet JTI requirements through effective cooperation with internal and external partners. Minimizing shadow IT and improving application portfolio compliance. Ensuring measurement and evaluation on user adoption for global information protection measures and that any new requirements for such measures are met through collaboration with relevant functions and business units.

Wymagania

  • Relevant university degree or suitable experience.
  • Certified Information Systems Security Professional (CISSP) or relevant experience.
  • Expertise in ISO 27001/2 and evolving security standards and regulations.
  • Experience in technology risk managing with practical knowledge in designing, implementing and testing of controls in an international fast-paced organization and with the ability to leverage this to influence stakeholders (understanding of OT is an advantage).
  • Aptitude to analyze complex issues, identify root cause problems and implement effective corrective measures and solutions.
  • Ability to work both independently and collaboratively as part of a team.
  • Confident and energetic self-starter with strong interpersonal skills.

Komentarze (0)