Title:  Cyber Security Compliance Manager

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.

To make a difference with us, all you need to do is bring your human best.

What will your story be? Apply now!  

Learn more: jti.com

City: Taguig

Professional Area: Digitial & Information Technology

Contract Type: Permanent

Professional Level: Experienced

Reporting to: Information Security & Risk Director

Cyber Security Compliance Manager

 The Cyber Security Compliance function is responsible for monitoring the implementation of security hardening controls across systems and endpoints, ensuring alignment with organizational standards and industry best practices. The role also oversees patch management compliance, identifying deviations and supporting remediation efforts. In addition, it includes continuous monitoring of the organization's external security posture to detect potential vulnerabilities or exposures, working collaboratively with technical teams to address risks and maintain a strong cybersecurity posture.

What will you do - Responsibilities:

Infrastructure & Network Security Hardening

• Ensure compliance of global JTI infrastructure against our internal hardening standards developed by JTI Cyber Security Architects
• Adapt guidelines to audit templates to be used by vulnerability scanners and identify misalignments between JTI standards and the assets scanned from multiple technologies (Windows, Unix, …)
• Identify most critical findings, address them accordingly the risk to the relevant stakeholders and ensure the gaps are fixed in timely manner.

Digital Workplace

• Monitor patch compliance across all workstations, ensuring alignment with defined patching policies and service level agreements (SLAs).
• Identify workstations with missing or outdated patches, assess associated risks, and escalate non-compliance issues as needed.
• Coordinate with endpoint management and IT support teams to track remediation progress, ensuring timely resolution and closure of identified gaps.

Perimeter

• Monitor the organization's security rating dashboard for changes, alerts, and trends.
• Analyze external risk vectors including botnet infections, open ports, malware communication, and TLS/SSL issues.
• Track and interpret findings related to IP reputation, DNS hygiene, and application vulnerabilities.

KPI and Reporting

• Monitor and report on system hardening compliance, including percentage of compliant assets and trend analysis across infrastructure.
• Track patch management performance, measuring patch compliance rates and mean time to remediation for critical vulnerabilities.
• Provide regular reporting on external security posture, highlighting identified exposures, resolution timelines, and recurring risk areas.
• Manage various tasks and projects in scope of Cyber Security compliance as they arise and upon line manager’s request.

Who are we looking for - Requirements

Education

• University degree in Computer Sciences, Information Systems, or related field or relevant experience
• 2-3 years Vulnerability Management and/or relevant technical experience related with the responsibilities described
• Fluent English written and spoken
• Reading/Speaking Japanese language would be useful

Technical Skills and Experience

• Experience with vulnerability scanning tools such as:
  • Tenable (Nessus, Tenable.io, Tenable.sc) or similar vulnerability scanners
  • BitSight or similar cybersecurity rating platforms
• Knowledge of perimeter security concepts'
• Familiarity with security hardening frameworks and benchmarks (e.g., CIS, NIST, STIGs)
• Understanding of network protocols and infrastructure (DNS, HTTP/S, TCP/IP, etc.)
• Ability to analyze vulnerability scan results, assign risk levels, and coordinate remediations
• Experience with ticketing and workflow tools, especially ServiceNoW

Analytical and Communication Skills

• Strong ability to assess risk and prioritize issues based on business impact
• Comfortable creating compliance dashboards and reports
• Ability to write clear and actionable tickets or findings for IT teams
• Good documentation skills (procedures, security assessments, remediation plans)
• Ability to translate technical findings into business language for non-technical stakeholders
• A proactive mindset to follow up on open findings and push remediation forward

What to Expect?

Expect wellbeing initiatives, flexible work arrangements, growth opportunities, and excellent benefits, including a unique family leave policy. For more details on local policies, speak with the Talent Advisor. 

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps:

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.