Share this job
Apply now »







Title:  Cyber Application Security Manager

Job ID:  58837
Country:  Spain
City:  Madrid
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Madrid, MD, ES, 13799


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business

That’s why our employees, from around the world, choose to be a part of JTI. It’s why 9 out of 10 would recommend us to a friend. And why we’ve been awarded Global Top Employer status, six years running

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more:

Cyber Application Security Manager


What this position is about - Purpose:


The mission of the Technical Security Centre team is to provide security expertise and best practices to other IT functions by ensuring consistent and high security standards are applied in the development and ongoing evolution of the JTI IT infrastructure and business applications. The scope includes, but is not limited to, corporate network, workstations, servers, mobile devices, business applications, unified communications, Internet and related IT services.


What will you do - Responsibilities:


  • Accountable for Application Security Architecture, defining optimal solutions to meet business requirements in line with best practices, technology developments and JTI standards within on-premise, cloud and mobile environments
  • Responsible to identify opportunities to innovate methodology/solutions to improve the delivery of cyber security
  • Provide expertise to the technical teams (Global and Local) for implementing and enforcing Application Security best practices
  • Owner of the corporate application security design and related project coordination
  • Constantly strive to improve Cyber Security and IT processes & workflows to improve efficiency and delivery times. Full awareness and close follow-up on new technology and security industry trends
  • Ensure proper technical recommendations and effort analysis are provided in a timely manner, for all change and service requests in the Application Security field assigned to Technical Security Centre team
  • Provide technical security expertise, ensure technical solutions follow best practice & JTI standards and are implemented accordingly
  • Research security trends and emerging technologies related to application security (automated tools and/or RASP solutions), identify our business and technical requirements, perform technical evaluation and support deployment of multi-regional security solutions if required
  • Deliver key performance indicators for Technical Security Centre activities
  • Accountable to maintain and update policies, procedures, standards and guidelines in the area of responsibility
  • Ensure policies, procedures, standards and guidelines are consistently applied in all solutions, projects and initiatives
  • Deliver regular and consistent input and reports to support the JTI compliance, audit and risk control teams
  • Ensure that security operations aspects are taken into account when designing or approving new solutions
  • Provide expertise and help on troubleshooting complex cyber security and technical incidents in the area of responsibility


Who are we looking for - Requirements:   


  • University computer engineering degree and relevant experience in IT; CISSP, CEH are a plus
  • 5-10 years of Secure Application Development, Application Security management, Ethical Hacking
  • Experience in the IT environment of an international corporation in a multicultural environment
  • Specialist in security technologies. Web-based security technology and complex application security solution design & review is mandatory
  • 2+ years of Project Management experience
  • Excellent team player and communication skills
  • Preferably manage their own blog, be active as security evangelist or in publishing discovered vulnerabilities
  • Analytical, organized, and efficient
  • Sets priorities to meet objectives
  • technical background, structured approach, ability to work with internal and external providers
  • Knowledge of Security Management standards such as OWASP, NIST, ISO, Cloud Alliance, PCI DSS
  • Knowledge of DevSecOps lifecycle and security tasks or operations to be included as part of DevSecOps lifecycle; Hands-on experience with automated testing solutions integration (SAST, DAST, IAST, SCA) like Fortify, Veracode, Checkmarx, Synopsys, etc. 

Job Segment: Corporate Security, Engineer, Developer, Risk Management, Security, Engineering, Technology, Finance

Apply now »