Third Party Security Risk Manager (m/f/d)
WARSAW, PL, 00-841
At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.
To make a difference with us, all you need to do is bring your human best.
What will your story be? Apply now!
Learn more: jti.com
About the position:
The Third Party Security Risk Manager is responsible for managing and overseeing the organization’s Third-Party Security Risk Management (TPSRM) program. This role ensures that vendors, suppliers, partners, and external service providers meet JTI’s cybersecurity, compliance, and risk management requirements while supporting our business operations and regulatory obligations.
Responsibilities:
- Third-Party Risk Assessment and Due Diligence
  - Conduct cybersecurity risk assessments for third-party vendors, suppliers, and service providers.
  - Evaluate vendor security posture during onboarding, renewal, and ongoing monitoring activities.
  - Review security questionnaires, audit reports, certifications, and supporting documentation.
  - Assess vendor controls against internal security standards and industry frameworks.
  - Identify inherent and residual risks associated with third-party engagements.
- Security Governance and Compliance
  - Ensure third-party compliance with applicable cybersecurity frameworks, regulations, and policies, including ISO 27001, NIST, SOC 2, GDPR, PCI-DSS, etc., where applicable.
  - Support internal and external audit activities related to vendor security risk management.
  - Maintain and improve third-party security policies, standards, procedures, and governance processes.
  - Ensure vendor risk activities align with enterprise risk management objectives.
- Risk Mitigation and Issue Management
  - Document identified security risks, gaps, and control deficiencies.
  - Work with vendors and internal stakeholders to define remediation plans and mitigation strategies.
  - Track remediation progress and validate closure of identified issues.
  - Escalate high-risk findings and unresolved issues to leadership as appropriate.
  - Support ongoing monitoring of vendor cybersecurity risks and emerging threats.
- Stakeholder and Vendor Management
  - Coordinate phishing simulation and social engineering exercises.
  - Use simulation outcomes to improve learning, communications, and engagement.
  - Partner with cyber teams to align campaigns to emerging threats.
  - Measure behavior change and security culture maturity.
- Stakeholder Collaboration, Influence & Continuous Improvements
  - Partner with Procurement, Legal, Compliance, Privacy, Digital & IT, and business teams throughout the vendor lifecycle.
  - Provide security risk guidance during vendor selection, contract negotiations, and renewals.
  - Communicate assessment results and risk recommendations to technical and non-technical stakeholders.
  - Build effective working relationships with internal teams and external vendors.
- Reporting, Metrics, and Program Management
  - Maintain accurate vendor risk records, inventories, and assessment documentation.
  - Develop and deliver risk metrics, dashboards, and reporting for management and governance committees.
  - Support continuous improvement of the Third-Party Security Risk Management program.
  - Assist in developing strategic initiatives to enhance vendor risk oversight and operational efficiency.
Requirements:
- Bachelor’s degree in Cybersecurity, Information Security, Information Technology, Risk Management, or related field.
- Professional certifications such as CISSP, CISM, CRISC, CISA, or CCSP.
- Strong understanding of cybersecurity frameworks and standards, including NIST, ISO 27001, SOC 2, CIS Controls, GDPR, etc.
- Minimum of 5 years of experience in cybersecurity, risk management, compliance, audit, or third-party/vendor risk management.
- Experience working with Governance, Risk, and Compliance (GRC) tools and vendor risk management platforms.
- Experience supporting cloud security assessments and SaaS vendor evaluations.
- Experience conducting security assessments and evaluating vendor security controls.
- Fluent English, written and spoken.
- Strong analytical and risk assessment skills.
- Excellent written and verbal communication abilities.
- Ability to communicate technical concepts to non-technical audiences.
- Strong organizational and stakeholder management skills.
- Ability to manage multiple priorities in a fast-paced environment.
- Sound judgment and risk-based decision-making capabilities.
Are you ready to join us? Build your success story at JTI. Apply now!
Next Steps:
After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.
At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.