Philip Morris International is searching for a Regional Information Security Officer Eastern Europe and Middle East and Africa.
Your ‘day to day’:
Be the face of Information Security in the region. Maintain strong stakeholder relationships, evangelize security, and advise senior leadership and key stakeholders on cyber risks for the EE&MEA Region
Operationalize and improve regional security governance structure and report to global security committees, as well as market and regional management teams
Deliver the Global Security program to the region and harmonize security practices and maturity across markets. Partner with other Regional ISOs and the Global Information Security team to define and implement a regional security engagement strategy
Understand the threats, security posture and business processes in the region in order to effectively embed them in the Security Program. Actively govern Cyber and Information Security risks in a manner that meets compliance, regulatory requirements, and PMI’s risk appetite
Communicate and support adherence to PMI’s Information Security policies and standards within the region. Work with global teams to ensure policies, standards, and control frameworks consider regional nuances responding to local laws, regulations, and other local requirements
Manage a team of Information Security Officers responsible for markets. Through your team, advise and support market business and enable them to implement practices that meet defined policies and standards for information security (Build Secure). Conduct cyber risk and maturity assessments, evaluate compliance of IT services with relevant security and regulatory requirements (Stay Secure)
Strengthen ownership and awareness of Information and Cyber Security through continuous training and awareness campaigns
Support regional execution of cyber-attack simulations and table-top exercises, coordinate Information Security Incident Response and Cyber Crisis Management within the region
Who the company is looking for:
12+ years information security and/or related technology experience and track record in information security and risk management leadership
Must have at least a bachelor’s degree, preferably in computer science
Experience in interacting, presenting and working with top management in both domestic and international corporate environments to engage stakeholders, drive decisions and communicate effectively
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
Knowledge and understanding of meaningful legal and regulatory information security requirements
Knowledge and experience in Cybersecurity, IT and Governance frameworks such as NIST, ISO 27001, SOX, PCI DSS, GDPR, COBIT, ITIL
Strong influencing and negotiation skills and diplomacy
Strong leadership skills and ability to lead and motivate multi-functional, interdisciplinary and multi-geographical teams to achieve tactical and strategic goals
Flexible approach to travel (15-30%)
Excellent command of English and Russian
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials is desired
What the company offers:
Compensation package:
Learning and development opportunities, including international assignments
Competitive salary
Corporate Pension plan
Life and disability insurance, voluntary medical insurance (inc. dental care and critical diseases)
Additional paid days off for personal events
Meal allowance
Flexible work program:
Flexible working hours
Remote work
Compressed Friday
Wellbeing programs:
Multisport co-sponsoring program
Social and charity events
«Guest Talk» program – external speakers share best practices
Employee Assistance Program (EAP).
...