Senior Security IT Expert (Japan/Korea/Indonesia/Philippines

At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on one clear purpose – to deliver a smoke-free future.

With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

PMI’s journey to a smoke-free future is fueled by technology. The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions. We'll make sure you're set up to succeed whatever your project is, our culture is agile and collaborative, and we genuinely believe our people are some of the best you’ll ever work with.

YOUR 'DAY TO DAY'

The role will require a deep understanding of PMI business and IT processes. Close collaboration with IT team and business stakeholders at regional level, in order to understand market prioritization and contribute to strategic goals of PMI. Be the ‘glue’ that brings regional IT Team, PMI assurance functions as well as market IT suppliers’ teams together. Your ‘day to day’ will include the following,

- Engage with business and IT platform peers throughout system lifecycle on "security-by-design" and "privacy-by-design" concepts, methods and tools

- Identify cybersecurity issues in systems, e.g. by reviewing their overall architecture and attack surface, validating trust boundaries and data flows, understanding the integration with external systems, etc. - Embed cybersecurity into the systems development life cycle process, e.g. by leading the execution of threat modeling activities and fostering the adoption of DevSecOps principles.

- Advise on how to remediate identified cybersecurity issues, in the most effective and cost-efficient way

- Define the standard operating principles for the local IT teams and help implement consistently across different regions to improve the security and speed of delivery for the technical/data products

- Perform active governance on key security metrics for the IT regional teams operating under the PMI IT security principles and practices.

- Take accountability for general IT control processes/life cycle (not the execution part) of the solutions in scope, including evaluating vendor SOC attestations

- Raise security awareness across the IT organization by providing coaching, training, promoting webinar attendance or similar activities that reduce the number of repeated application security weaknesses and technical vulnerabilities.

- Participate and support during internal or external IT audits, incl. regulatory reviews, to make sure all the data and evidence presented is accurate and complete. Participate in the rating discussions. Ensure timely completion of remediation activities

- Support regional IT teams in analyzing the scope, methodology and results of security testing and ethical hacking activities performed by third parties around the presence of vulnerabilities in systems used or to be used by PMI.

- Support the creation of security guidelines and best practices as well as contribute to creation of internal frameworks, common features to improve security and speed of delivery of technical/data products

WHO WE'RE LOOKING FOR

- Experience in IT Security and/or related technology experience and track record in IT Security, IT Risk management or IT audit function within large international organizations. - Experience guiding and assisting organizations in implementing appropriate IT Security practices and mitigating risk with sustainable controls

- Proven track record in supporting development teams throughout all phases of systems development life cycle (design, development, maintenance)

- Good knowledge of typical application design patterns (e.g. web, mobile, thick client, etc.), cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) , identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)

- Familiarity with most common web application security issues (e.g. OWASP top 10)

- Good understanding of regulatory requirements (e.g. SOX, GDPR, PCI) and their impact on systems

- Knowledge of security integration with CI/CD Pipeline

- Knowledge of ITIL framework and processes

- High degree of initiative, dependability, and ability to work with little supervision

- Strong communication skills and ability to communicate technical subjects to both IT and business–centric audiences to build champions and deliver results

- Team player with ability to build pro-active, co-operative working relationships with customers, peers and key stakeholders based on respect and teamwork

- Excellent written and verbal communication skills in English

- Must have at least a bachelor's degree, preferably in computer science

- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials is desired

- Flexible approach to travel (15-20%) once things settle down

OTHERS

This role will based either in Japan or Korea or Indonesia or Philippines.

Relocation support is not available for this job.

WHAT WE OFFER

Our success depends on our talented employees who come to work here every single day with a sense purpose and an appetite for progress. Join PMI and you too can: • Seize the freedom to define your future and ours. We’ll empower you to take risks, experiment and explore. • Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong. • Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress. • Take pride in delivering our promise to society: to deliver a smoke-free future.