Share this job
Apply now »







Title:  Cyber Security Control Manager

Job ID:  73893
Country:  Spain
City:  Madrid
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Madrid, MD, ES, MA1000


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business

That’s why our employees, from around the world, choose to be a part of JTI. It is why 87% of employees feel happy working at JTI. And why we’ve been awarded Global Top Employer status, eight years running

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more:



Cyber Security Control Manager


What this position is about - Purpose: 


Effective governance ensures that the necessary objectives, structures and rules are in place to maintain and enhance SOC capabilities. It includes critical asset management framework, alignment on design and implementation of relevant Policies & Procedures, define a resilience plan for internal SOC operations, maintain critical asset inventory.

Security Operations Center is a multifunctional team that perform various tasks based on thoroughly developed processes in line with Information Security standards. The governance capability is limited in JTI SOC and this position is for developing and creating the necessary operational assets and providing support for functions to ensure SOC effectiveness.


What will you do - Responsibilities: 


  • With support from SOC experts, develop SecOps procedures for each functional area that will define actions to be taken in different scenarios as well as provide guidance for making decisions where uncertainty exists. Initiate and control timely review of the procedures and guidance, when necessary provided assistance to SOC team members in document creation and spelling.
  • In collaboration with Business Continuity and Disaster Recovery, Risk Management/GRC functions ensure that SOC is provided with the up-to-date catalogue of critical assets and services, align on Major Incident Response protocol, prioritise the most critical tasks in scope of Security Incident Response and Vulnerability Management.
  • Together with other SOC functions and Security Service Provider, develop and execute meaningful exercises to assess SOC processes, procedures and people involved in security operations, arrange periodical SOC functions testing. Refine documents and deliver necessary remediation actions discovered during rehersals, drive changes on found failures and weaknesses.
  • Align SecOps processes with IT stakeholders and Security Service Provider, establish effective boundaries with clear demarcation of responsibilities, and transition between external and internal SOC.
  • Define new and apply existent KPIs to measure SOC performance including external resources. Provide regular KPI/KRI report to SOC team lead with thorough analysis of trends and recommendations that could improve company security posture and team effectivenes. 


Who are we looking for - Requirements: 


  • University degree in Computer Sciences, Information Systems, or related field or relevant experience.
  • 3-5 years experience in IT and Information Security field and creating and maintaining Procedures/Process description. Solid knowledge of Information Security principals and standards, Incident Response fundemantals and functions.    
  • Fluent English written and spoken.
  • Analytical/problem solving ability.
  • Process management and Standard/Procedures literacy.
  • Change management.
  • Ability to work under constantly changing conditions and tight deadlines.
  • Strong verbal, written communication and presentation skills.
  • Scripting/programming skills.


What are the next steps – Recruitment process: 


Thank you very much for your interest in the role. You are welcome to apply. 

Should you have any questions, you are welcome to contact Ewa Falkiewicz – Recruiter ( 

Job Segment: Cyber Security, Document Management, Information Security, Information Systems, Risk Management, Security, Technology, Finance

Apply now »