






Title:  Information Security Risk & Control Manager

Job ID:  42481
Country:  Poland
City:  Warsaw
Professional area:  Information Technology
Contract type:  Permanent
Professional level:  Experienced

Warsaw, MZ, PL, 00-807


We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries.

But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business.

That’s why our employees, from around the world, choose to be a part of JTI. It’s why 9 out of 10 would recommend us to a friend. And why we’ve been awarded Global Top Employer status, six years running.

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea. 

Learn more: jti.com


Location: Warsaw

Our offer includes:

  • Competitive pay (together with an annual bonus) and an attractive benefits package including medical care, Multisport card, life insurance and pension plan
  • Ambitious goals to develop and implement new information security solutions for our new Global Business Services centers in 3 locations (Warsaw, St. Petersburg and Manila) covering the transactional activities across HR, Finance, Supply Chain, Marketing and Sales, Legal
  • Ongoing development opportunities in a multinational environment that will inspire you to grow professionally and personally
  • Wide variety of projects and tasks, ambitious goals and independence in achieving them
  • Flexible working conditions
  • Modern office in a convenient location

Main areas of responsibility:

  • Ensuring the creation, approval, maintenance and communication of Information Security policies, procedures, standards and guidelines
  • Providing advisory support to procedure owners, as well as high-level review to ensure that standards and guidelines address identified risk
  • Ensuring security procedures and standards are easily understood to promote optimal compliance
  • Promoting effective and concise documentation, written in plain English
  • Managing the Information Security Risk Management framework related to the processes that underpin IT services, reviewing them periodically and ensuring any deficiencies are tracked and remediated
  • Ensuring that IT risks identified relate to areas for investment to improve the security posture of JTI
  • Being responsible for periodic validation of JTI's risk appetite with senior management via the Enterprise Risk Management process in co-ordination with Corporate Sustainability
  • Developing simple and effective reports that provide Management with a clear indication of our Risk exposure
  • Working closely with the Financial Control Group to ensure that JSOX GCC controls are designed to mitigate the identified risk, that they are executable, communicated and understood by the owners
  • Working with control owners to ensure controls operate effectively and are evidenced in a timely manner
  • Working closely with the Compliance Manager, who is responsible for ensuring that the controls are tested to provide management assurance, and coordinating the annual audit testing by internal/external audit
  • Being responsible for measuring JTI's security posture against an industry-standard (ISO or NIST) Information Security Management System
  • Simplifying the risk assessment process across the organisation in order to strengthen the business value of information security and ensure efficient and effective controls are designed and implemented. Bringing efficiencies through automated controls wherever possible

You as a professional:

  • Have a University Degree (preferably in IT, Computer Science)
  • Have 5-7 years of working experience in risk management and controls specialization, with extensive experience within an IT environment, essentially within a multinational company. An audit background is an advantage
  • Have a professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
  • Have a broad understanding of information security, policies and procedures frameworks, risk and controls frameworks, audit, data privacy etc.
  • Have experience in implementation of global risk assurance projects
  • Have good interpersonal and business relationship skills in a multicultural global environment, business acumen and an open, dynamic personality
  • Fluent English (written and spoken) is a must





