Title:  Information Security Manager

Job ID:  80562
Country:  Poland
City:  Warsaw
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Warsaw, MZ, PL, 00-841


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business.

That’s why our employees, from around the world, choose to be a part of JTI. It is why 87% of employees feel happy working at JTI. And why we’ve been awarded Global Top Employer status, eight years running.

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 



Department: Information Security 

Location: Warsaw

Role: Permanent



What this position is about – purpose:


The role exists to ensure that information security threats are effectively identified and mitigated throughout the organization. As a member of the Information Security GRC Program and Integration team, the role works closely with different stakeholders on cyber risk, compliance, awareness and overall governance, and participates in various information security projects. The role is composed of a variety of duties including strategic and operational activities (depending on the current needs). The role will also form a close connection between business locations, functions and information security to ensure effective integration.

What will you do – responsibilities:


  • BUSINESS RELATIONSHIP MANAGEMENT: Become the efficient link between Information Security and the JTI organization (Regions, markets, factories, leaf origins, global Business and IT functions, GBS, etc.). Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects and new initiatives as required.
  • PROGRAM DELIVERY: Drive the success of currently assigned information security projects in line with agreed plans, timelines and budget.
  • RISK & COMPLIANCE: Support the development of information security policies and accompanying risk assessments with identification of mitigating controls. Support development and delivery of planned compliance reviews to ensure the gaps are addressed.
  • REPORTING: Provide risk metrics and performance data to support the central reporting of overall cyber risk posture. Support development of the information assets inventory to ensure the assets and related threats are identified.
  • RESILIENCE: Support cyber resilience management through facilitation of business impact analysis at local and global levels (such as factory, region, GBS, HQ). Support entities in their business continuity planning and maintenance efforts. Support the disaster recovery process by assisting in awareness programs and promoting tools, procedures and guides to D&IT and relevant teams. Support coordination with regions on the planning and execution of annual tests.
  • AWARENESS: Educate stakeholders to increase information security awareness and improve risk culture by empowering the employees to understand cyber risk, what to look out for and what to do in the event of an incident. Support the security awareness program and campaigns to ensure the employees are aware of how to better protect and defend themselves and ultimately JTI against cybercrime.
  • DIGITAL INVESTIGATIONS: Support specific digital investigations for Corporate Security, Data Privacy, Legal or other corporate functions when required, working with support from relevant functions and in line with the strict procedural requirements.
  • INFORMATION PROTECTION: Ensure digital solutions (such as DLP, MIP) meet JTI requirements through effective cooperation with internal and external partners. Minimize shadow IT and improve application portfolio compliance. Ensure measurement and evaluation of user adoption for global information protection measures, and that any new requirements for such measures are met through collaboration with relevant functions and business units.

Who are we looking for – requirements:

•    Relevant university degree or suitable experience.
•    Certified Information Systems Security Professional (CISSP) or relevant experience.
•    Expertise in ISO 27001/2 and evolving security standards and regulations.
•    Experience in technology risk management with practical knowledge of designing, implementing and testing controls in an international fast-paced organization, and the ability to leverage this to influence stakeholders (understanding of OT is an advantage).
•    Aptitude to analyze complex issues, identify root cause problems and implement effective corrective measures and solutions.
•    Ability to work both independently and collaboratively as part of a team.
•    Confident and energetic self-starter with strong interpersonal skills.


What are the next steps – Recruitment process:


Thank you very much for your interest in the role. You are welcome to apply.

