Share this job
Apply now »







Title:  Cyber Digital Security Manager

Job ID:  73845
Country:  Spain
City:  Madrid
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Madrid, M, ES, 12600


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business

That’s why our employees, from around the world, choose to be a part of JTI. It is why 87% of employees feel happy working at JTI. And why we’ve been awarded Global Top Employer status, eight years running

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more:





Cyber Digital Security Manager

Position purpose:


This position exists to ensure the consistent security of the digital ecosystem (DES) and e-commerce solutions and is part of the Cyber Security Centre.


The Cyber Security Centre delivers high quality, cost-effective security services within the scope of the global JTI infrastructure and application landscape. The function includes security architecture, design, innovation, assurance, service delivery and SOC. The incumbent is responsible to ensure that technical security standards are defined and implemented across all DES and e-commerce platforms to secure them from internal and external threats. He/She will work closely with the Security Solutions, Digital Solutions and E-commerce teams to ensure security best practices are followed in the DevOps lifecycle and implemented in the solution design and deployment.


What will you do – responsibilities:


  • Accountable for Security Architecture (design, review, implementation), ensuring business solutions are in line with best security practices, technologies and JTI standards.
  • Responsible to identify opportunities to innovate methodology/solutions to improve the security posture of e-commerce solutions and platforms.
  • Provide expertise to the technical teams (Global and Local) for implementing and enforcing Security best practices.
  • Owner of the DevSecOps process and contribution to the Continuous Integration and Continuous Deployment (CI/CD).
  • Apply and formalize proper e-commerce security standards aligned with evolving threat landscape
  • Responsible for CI/CD security control by ensuring proper implementation and usage of SAST, DAST, IAST and SCA tools, corresponding processes, bug/vulnerability tracking, remediation and follow-up
  • Coordinate appropriate security assessments on a regular basis and follow-up on recommendations and corrective action implementation
  • Drive service providers and development teams to continuously meet and exceed JTI's expectations regarding security best practices, awareness and integration in the DevOps process.
  • Constantly aim to improve security assessment results and security posture by providing relevant indicators, metrics, reports and remediation plans
  • Ensure all security aspects are adequately documented and follow standard JTI processes (incident, change and problem management)
  • Work in close cooperation with and provide necessary support to global and local IT teams (GDC, BTS, I&O) ensuring proper / frequent updates to all Global/Local IT and Cyber Security Team Members.
  • Organize and coordinate workshops to promote security best practices and/or to align technology solutions
  • Manage a small team of external contractors working directly with the DES and e-commerce development and implementation teams
  • Ensure timely delivery of security components, evaluations, assessments.


Who are we looking for – requirements:


  • University degree in Computer Engineering, Information Systems, or related field or relevant experience
  • 3+ years’ experience in Information Technology, with a particular focus on DevOps and E-Commerce Security
  • Fluent English written and spoken.
  • Cyber security management and support in a global environment. 
  • Strong communication & project management skills
  • Coordination, organisational and meeting facilitation skills
  • Knowledge of e-commerce related standards (PCI DSS, etc.)
  • Knowledge of Security Management standards such as OWASP, NIST, ISO, Cloud Alliance
  • Hands-on experience with automated testing solutions integration (SAST, DAST, IAST, SCA) like Synopsys, Fortify, Veracode, Checkmarx, etc.



Job Segment: Cyber Security, Information Systems, Manager, Project Manager, Security, Technology, Management

Apply now »