Share this job
Apply now »







Title:  Information Protection Manager

Job ID:  82802
Country:  Poland
City:  Warsaw
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Warsaw, MZ, PL, 00-841


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business

That’s why our employees, from around the world, choose to be a part of JTI. It is why 87% of employees feel happy working at JTI. And why we’ve been awarded Global Top Employer status, eight years running

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more:


Please apply till October 6th, 2022
Global applicants welcome

IT Information Protection Manager

What is this position about – Purpose

The Information Protection Manager position is a business-facing role that exists to work primarily with JTI business to protect the confidentiality and integrity of JTI critical information assets globally.  
Collaborating with technical teams to meet business needs to secure our journey to the company's 2030 vision. Developing the concept of data ownership with clear responsibilities to better secure our data, the incumbent will define a simple and effective strategy to classify, identify, label, protect and monitor our critical data assets throughout it's lifecycle. He/she will be responsible to minimize the risk of data loss or corruption, by conducting risk assessments and making recommendations to ensure that critical or confidential data is adequately secured as a program of continuous improvements. Driving best practices in data protection through policy, procedure, and education he/she will be responsible to identify opportunities to exploit existing capabilities and new technology offering to automate data protection controls.

What will you do – responsibilities:

Information Classification Process and Critical Information Asset Register

•    Own the Information Classification Standard, and ensure it meets the business objectives.
•    Develop an effective process to identify, classify, label and protect JTI's most critical and confidential data and roll this process out globally to ensure our data is protected wherever it resides throughout it's lifecycle.


 Data Ownership and Asset Register

•    Introduce the concept of critical data ownership with clearly defined responsibilities.
•    Provide training and awareness on classification and data ownership responsibilities to promote data-centric behaviors. Create a critical Information Asset Register across JTI.
•    Work in collaboration with the Information Management team.

​​​​​​•  Experience and understanding of working with data

Information Protection Controls Management & Regulatory Compliance

•   Experience of managing other security, data or risk regulatory framework with a strong security focus would be an advantage

•   Experience  in a data protection or compliance role, with a robust understanding of the core elements of data protection law/regulation and the interface with digital and logical security

•    Ensure effective controls are in place to ensure classified information is adequately protected wherever it resides based on confidentiality.  
•    Work with subject matter experts as well as our Corporate Data Protection Officer to identify developments in information security/protection laws and regulations that may impact company information security policies and practices.  
•    Define policy and procedure to drive regulatory IT compliance.
•    Work in close collaboration with IAM function to ensure confidential data access compliance.

Data Loss Prevention and Data Breach Detection

•    Responsible to identify the business need and governance behind these technologies, working with the Technical Security team to research technology solutions from existing and new providers to detect and minimize the risk of dta loss of JTI critical data assets to bring continuous improvements. 
•    Build business cases, and budget requirements and define project requirements to make it happen.

IT Risk Assessment & Compliance

•    Conduct risk assessments for new technology solutions and/or 3rd party technology providers to ensure adequate protection is in place for our confidential data processing.
•    Implement best practices to the existing process to improve high-risk confidential data processing as part of our continuous improvement strategy.


Data Breach response

•    Responsible to support the Data Incident response procedure, in the event of a data incident.
•    Manage the implementation of remediation and control activities to prevent reoccurrence.
•    Understand the regulatory requirements in the event of a personal data breach.  In the event of a data breach to inform Information Security management of the extent of the breach in as short a time frame as possible.
•    In the event of a data breach incident, the incumbent will be required to conduct an investigation to determine the remediation and control activities required to prevent reoccurrence.


Controls Verification
•    Periodically conducting data protection audits to verify the effectiveness of the IT controls. 
•    Providing feedback and working in collaboration on improvements to the controls framework and ensuring timely risk mitigation.


End-to-end KPI reporting

•    Produce key measurements of the information security teams effectiveness and performance to provide assurance to senior management of JTI's strengthening security posture.

Who are we looking for – requirements

•    University Degree or suitable experience.
•    Experience as Business Change Manager, with an IT security governance and controls background
•    Project and Stakeholder Management experience
•    Fluent English written and spoken
•    Certified Information Systems Security Professional (CISSP) qualification or equivalent relevant experience would represent an advantage


Job Segment: Information Security, Information Technology, Loss Prevention, Compliance, Law, Technology, Security, Legal

Apply now »