PMI - InfoSec Manager


Networks, NIST SP 800-82, IOT, IAAS, PAAS, CISSP, ISO27001, CISM, Prince2

PMI is recruiting an InfoSec Manager


At PMI, they have chosen to do something incredible. They are totally transforming their business and building their future on smoke-free products with the power to deliver a smoke-free future.
With huge change comes huge opportunity. So, wherever you join them, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

Their future is Tech based. To build it, they need your help.


Your day to day

  • Lead stakeholder management and reporting (e.g., via dashboards, slide decks, awareness webpages), including with Directors Manufacturing of the plants in the assigned region(s), to get buy-in for the InfoSec Cyber Risk Program, show cybersecurity progress over the years, provide a status update on cyber-risks, and facilitate people/resource mobilization for the implementation of local risk-reduction plans.
  • Provide continuous guidance and advisory, including in the form of training and awareness and by means of meetings, workshops, and other events (organized or attended), to local stakeholders at the plants in the assigned region(s), to facilitate adherence to all PMI policies, guidelines, baselines and standards on security and compliance.
  • Coordinate project assurance of selected Operations initiatives (such as projects, PoV, MVP) at the local level in the assigned region(s), and perform risk management, in strict alignment and collaboration with other teams in IT and beyond, with the main purpose of enabling a secure Operations digital transformation.
  • Co-lead, in strict alignment with other InfoSec colleagues, the implementation at plants in the assigned region(s) of the yearly InfoSec Cyber Risk Program dedicated to Operations, which is aligned with the Operations strategic programs and the internal Cyber Threat Assessment process, in order to increase Operations cybersecurity maturity and enable a secure digitalization strategy.
  • Co-lead, in strict alignment with other InfoSec colleagues, the implementation at plants in the assigned region(s) of the global initiatives part of the yearly InfoSec Cyber Risk Program.
  • Lead periodic security assessment of Operations plants, processes, and technology systems within the assigned region(s), including for plants that become part of the scope as per M&A initiatives, in order to identify security gaps, perform risk management, and define risk-reduction actions to be implemented by teams within and beyond IT.
  • Perform periodic monitoring of the security status of the technologies (IT and OT) on the shop floor at plants in the assigned region(s), covering e.g. network segregation/segmentation, vulnerability and patch management, Operating System obsolescence management, Anti-Virus status, access control, disaster recovery, and applicable security controls implementation. Perform local portfolio management and risk management (e.g., risk acceptance or reduction), including by triggering tactical quick wins with proper stakeholders within and beyond IT.
  • Assist the Cyber Defense team in managing cybersecurity incidents at plants in the assigned region(s), providing OT-related knowledge, liaising with local stakeholders, and leading the definition and implementation coordination of subsequent risk-reduction plans.

Job Requirements

  • University Master's Degree (Computer Sciences, Information Systems, Engineering, Business Administration or equivalent).
  • 7+ years in IT teams at international companies, performing activities relevant to information security, such as risk management, security demand management, security audit, security governance, application security, system controls, disaster recovery, and business continuity
  • 5+ years of experience as people manager of direct or indirect reports, including suppliers
  • 3+ years in OT teams at international companies, performing activities relevant to information security, such as factory network segregation/segmentation, OT network monitoring and visibility management, ICS patch management, disaster recovery
  • Experience with securing ICS technologies, e.g. Programmable Logic Controllers (PLCs), Human-Machine Interface (HMI), Distributed Control Systems (DCS), Supervisory Control and Data Acquisition (SCADA), and Building Management Systems
  • Experience implementing information security programs for Operations' functions, e.g. Manufacturing, Supply Chain, Prototyping and Industrialization areas
  • Experience with project management, preferably related to information security areas
  • Knowledge of cybersecurity standards, such as ISA/IEC 62443, NIST 800-82
  • Knowledge of Industrial Internet of Things (IIoT) platforms and cloud computing architectures (e.g. IaaS, PaaS, SaaS)
  • Excellent skills in stakeholder management, collaboration, written and oral presentation in English, abstract thinking, problem-solving, and decision-making
  • Quick learner with a pragmatic, analytical, and autonomous mindset
  • Professional certifications in IT and OT Security, e.g. (ISC)2 CISSP, (ISC)2 ISSMP, ISO 27001, ISACA CRISC, ISACA CISA, ISACA CISM, SANS GIAC GICSP, SANS GIAC GRID, ISA/IEC 62443 Cybersecurity Certificate Program
  • Professional certifications in Project Management: PMP or PRINCE2
  • Understanding of Agile/DevOps organisations and cultures.

Want to know more? Get in touch with us.