Share this job
Apply now »







Title:  Cyber Security Assurance Manager

Job ID:  62365
Country:  Spain
City:  Madrid
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Madrid, M, ES, 12799


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business

That’s why our employees, from around the world, choose to be a part of JTI. It’s why 9 out of 10 would recommend us to a friend. And why we’ve been awarded Global Top Employer status, six years running

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more: jti.com


Cyber Security Assurance Manager


Department: Technical Security Center, Global IT

Location: Madrid, Spain

Local applicants welcome.

Reporting to: Technical Security Center Manager

Role: Permanent


What this position is about - Purpose:

This position exists to ensure compliance with corporate JTI security standards and industry best practices and manage continuous assurance programs which include infrastructure (systems and networks), applications and security solutions currently used in JTI.

The objectives of this position are to manage on-going and continuous process of proactive technical security assessments which could deliver results, meet information security goal and comply with internal corporate standards and (global/local) external regulatory requirements. Additionally, this position needs to automate security validation process in the way it could be more convenient and provide descriptive details on how to rectify/fix security gaps found during the process.

The position requires knowledge or expertise on the following: evaluation of effectiveness of internal controls, breach and attack simulation solution(s) implementation, define / integrate defense tactics in offensive strategies, provide security metrics regarding offensive/defensive activities.


- Knowledge of OT security considerations, including ICS and safety systems.


What will you do - Responsibilities: 

  • Continuous Assurance verification using DevOps automated testing tools. Definition of operating model and analysis of further solutions to automate runtime protection (RASP) in continuous Integration environments (Gitlab, Azure DevOps, Github, etc.) used by different teams in JTI.
  • Continuous Assurance verification in containerized environments in which dockers/Kubernetes are used. Continuous definition/review of policies/settings to perform continuous workload protection, continuous Kubernetes protection and continuous containers/microservices protection.
  • Continuous Web and mobile-based application Security Assurance. Define methodology and criteria to assess the security of constantly changing, business-critical web-based/mobile-based applications). Analysis of tools to provide continuous assurance (threat management, verification of the effectiveness of the applied application hardening measures, etc.).
  • Continuous Network Security Assurance. Definition of a plan based on what to test, how and environments to be tested.
  • Continuous Third-party Security assurance. Define framework and procedures for continuous third-party assurance and analysis/definition/implementation of automation tools to support in conducting security assessments where possible such as third-party technical security assessments based on projects, services provided, and IT products delivered.   
  • Security solutions periodical checks or technical auditing (ASM / APM WAF rules, TM Security Workload protection rules, TME email protection rules, WD for endpoints/ for identity rules/policies, etc.)
  • Continuous assurance checks to verify security design and architecture and requirements are in place before production implementations take place.
  • IoT security Continuous assurance evaluation. Evaluate IoT device's connectivity, potential losses, and threats yields an objective set of priorities for a development team to tackle.
  • Perform multi-vector simulations and security diagnostics (both on-demand attack simulations or targeted attack simulations) based on critical assets and security solutions in JTI automating the process using solutions which can help provide results on overall security posture so as to take action(s) accordingly. Development of short and long-term strategic security technology roadmaps which support our enterprise technology roadmaps and key business objectives


Who are we looking for - Requirements: 

  • University degree in Computer Engineering, Information Systems, or related field or relevant experience.
  • 5 years of Pen Testing / Application, Network, System Security Assessment, Ethical Hacking, Vulnerability Management
  • Experience in cyber security assessments of an international corporation in a multicultural environment.
  • Preferably manage their own blog, be active as security evangelist or in publishing discovered vulnerabilities.
  • Analytical, organized and efficient team player
  • Knowledge of Security Management standards such as OWASP, NIST, ISO, Cloud Alliance, PCI DSS.
  • Expertise on the following: evaluation of effectiveness of internal controls, breach and attack simulation solution implementation, integration of defense tactics in offensive strategies, security metrics regarding offensive/defensive activities.

  • Fluent English written and spoken.
  • Excellent team leadership, excellent analytical and communication skills.


What are the next steps - Recruitment Process:

Thank you very much for your interest in the role. You are welcome to apply. 

We will make sure every candidate will receive a reply within 2 weeks after the application deadline. 

Job Segment: Corporate Security, Engineer, Cyber Security, Law, Security, Engineering, Legal

Apply now »