City: WARSAW

INFORMATION SECURITY RISK MANAGER

23 Apr 2026
Job ID: 105610
Country: Poland
Professional area: Information Technology
Contract type: Permanent
Professional level: Experienced
Location: WARSAW, PL, 00-841

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.

 

To make a difference with us, all you need to do is bring your human best.

 

What will your story be? Apply now!  

Learn more: jti.com

Information Security Risk Manager

About the Role:

The Information Security Risk Manager plays a pivotal role in JTI’s efforts to identify, assess, and manage information security and IT risks. This position ensures that information security risks are clearly understood, effectively managed, and aligned with JTI’s strategic objectives.

You will be responsible for implementing robust risk management practices, strengthening IT & Security risk governance, ensuring compliance with international standards and regulations, and collaborating closely with stakeholders across Digital & IT, Security, Legal, Compliance, and Enterprise Risk Management (ERM). You will also support the implementation and enhancement of automated risk management processes and tools, such as ServiceNow GRC.

 

What will you do - Responsibilities:

Risk Identification & Assessment

  • Conduct regular IT and information security risk assessments across systems, applications, networks, and third‑party vendors
  • Identify cybersecurity threats, vulnerabilities, and areas of non‑compliance
  • Monitor emerging IT and cyber risks based on evolving technologies and threat intelligence

Risk Mitigation & Control Development

  • Develop and implement effective risk mitigation strategies
  • Design and recommend security controls to protect IT infrastructure and sensitive information
  • Partner with Digital & IT, Security, and business teams to embed controls into processes

Monitoring & Reporting

  • Define and maintain Key Risk Indicators (KRIs) and KPIs for IT and cyber risks
  • Prepare clear risk reports and dashboards for senior leadership and key stakeholders
  • Escalate critical risks and incidents in a timely manner

Governance & Compliance

  • Maintain and enhance the IT & Security Risk Management governance framework (policies, risk appetite, playbooks, operating cycle)
  • Ensure compliance with industry standards (e.g. ISO 27001, NIST) and regulatory requirements (e.g. GDPR)
  • Support internal and external audits and security assessments

Collaboration, Awareness & Resilience

  • Act as a key liaison between IT, Security, Legal, Compliance, ERM, and business teams
  • Promote a risk‑aware culture through training and awareness initiatives
  • Contribute to incident response planning, resilience initiatives, and post‑incident investigations

Who are we looking for - Requirements:

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field
  • Master’s degree is an advantage
  • Professional certifications such as CISSP, CISM, or CRISC are highly desirable
  • 5+ years of experience in information security, IT risk management, cybersecurity, or a related field
  • Hands‑on experience with risk assessments, risk reporting, and security governance
  • Experience working with security frameworks (e.g. NIST, COBIT)
  • Knowledge of cloud security and modern IT environments
  • Experience with risk automation platforms (e.g. ServiceNow GRC) is a strong plus
  • Strong understanding of information security principles, technologies, and risk management methodologies
  • Analytical mindset with excellent problem‑solving skills
  • Ability to communicate complex security concepts to non‑technical stakeholders
  • Strong collaboration and stakeholder management skills
  • Fluent spoken and written English 

What are the next steps – Recruitment process:

Thank you very much for your interest in the role. You are welcome to apply. Should you have any questions, you are welcome to contact @Olha Myroshnychenko.

 

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps:

 

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

 

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.

 
