Praca Information Security Risk & Control Manager Warszawa, mazowieckie

Praca Information Security Risk & Control Manager Warszawa, mazowieckie

JTI Polska profil

Jesteśmy wiodącą, międzynarodową firmą tytoniową, wywodzącą się z Grupy Japan Tobacco. Działamy w 130 krajach na świecie, zatrudniamy ponad 45 tys. osób i mamy w swoim portfolio jedne z najbardziej znanych marek, w tym Camel, LD, Winston oraz Logic dostępne na polskim rynku.

W Polsce zatrudniamy ponad 2 tys. pracowników i jesteśmy trzecim graczem w branży tytoniowej. Wkraczając na polski rynek w 2007 roku, postanowiliśmy, że na pierwszym miejscu zawsze będziemy stawiać naszych pracowników. Tworzymy kulturę opartą na współpracy, dzięki czemu w naszych zespołach panuje wyjątkowa atmosfera. Szerokie zakresy odpowiedzialności dają możliwość zdobycia nowej wiedzy i umiejętności, co przekłada się na świetną jakość działania oraz szybki rozwój naszej firmy. Stosujemy także najlepsze praktyki w zakresie rozwoju talentów, wdrażania nowo zatrudnionych osób czy możliwości szkoleniowych.

Nasze starania, by być najlepszym pracodawcą dla naszych ludzi, zostały wyróżnione na rynku: w roku 2010 po raz pierwszy zawitaliśmy do grona Top Employers Polska, a w 2020 roku po raz drugi z rzędu zajęliśmy w tym rankingu 1. miejsce.

Firma: JTI Polska | Information Security Risk & Control Manager

Miejsce: Warszawa, mazowieckie

Opis stanowiska

  • Ensuring the creation, approval, maintenance and communication of Information Security policies, procedures, standards and guidelines  
  • Providing advisory support to procedure owners, as well as high-level review to ensure standards and guidelines in order to address identified risk
  • Ensuring security procedures and standards are easily understood to promote optimal compliance
  • Promoting effective and concise documentation, written in plain English                                                                                            
  • Managing the Information Security Risk Management framework related to the processes that underpin IT services, reviewing them periodically and ensuring any deficiencies are tracked and remediated
  • Ensuring that IT risks identified relate to areas for investment to improve the security posture of JTI
  • Being responsible for periodical validation of JTI's risk appetite with senior management via the Enterprise Risk Management process in co-ordination with Corporate Sustainability
  • Developing simple and effective reports that provide Management with a clear indication of our Risk exposure
  • Working closely with the Financial Control Group to ensure that JSOX GCC controls are designed to mitigate the identified risk, that they are executable, communicated and understood by the owners
  • Working with control owners to ensure control operate effectively and are timely evidenced
  • Working closely with the Compliance Manager, who is responsible to ensure that the controls are tested to provide management assurance and coordinate the annual audit testing by internal/external audit
  • Being responsible for measuring JTI's security posture against an Industry standard, (ISO or NIST)  Information Security Management system
  • Simplifying the risk assessment process across the organisation in order to strengthen the business value of Information security and ensure efficient and effective controls are designed and implemented. Bringing efficiencies through automated controls wherever possible          

Wymagania

  • Have a University Degree (preferably in IT, Computer Science)
  • Have 5-7-years working experience in Risk management and controls specialization, extensive experience within an IT environment, essentially within a multinational company.  An audit background is an advantage
  • Have professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials                                      
  • Broad understanding of information security, policies and procedures frameworks, risk and controls frameworks, audit, data privacy etc.
  • Have experience in implementation of global risk assurance projects
  • Good interpersonal and business relationship skills in multicultural global environment, business acumen and open, dynamic personality
  • Fluent English (written and spoken) is a must          

Oferujemy

  • A competitive pay (together with annual bonus) and an attractive benefits package including medical care, Multisport card, life insurance, pension plan
  • Ambitious goals to develop and implement new information security solutions for our new Global Business Services centers in 3 locations (Warsaw, St. Petersburg and Manila) covering the transactional activities across HR, Finance, Supply Chain, Marketing and Sales, Legal
  • On-going development opportunities in a multinational environment that will inspire you to grow professionally and personally
  • Wide variety of projects and tasks, ambitious goals and independence in achieving them
  • Flexible working conditions
  • Modern office in a convenient location

Komentarze (0)