Jesteśmy wiodącą, międzynarodową firmą tytoniową, wywodzącą się z Grupy Japan Tobacco. Działamy w 130 krajach na świecie, zatrudniamy ponad 45 tys. osób i mamy w swoim portfolio jedne z najbardziej znanych marek, w tym Camel, LD, Winston oraz Logic dostępne na polskim rynku.
W Polsce zatrudniamy prawie 3 tys. pracowników i jesteśmy trzecim graczem w branży tytoniowej. Wkraczając na polski rynek w 2007 roku, postanowiliśmy, że na pierwszym miejscu zawsze będziemy stawiać naszych pracowników. Tworzymy kulturę opartą na współpracy, dzięki czemu w naszych zespołach panuje wyjątkowa atmosfera. Szerokie zakresy odpowiedzialności dają możliwość zdobycia nowej wiedzy i umiejętności, co przekłada się na świetną jakość działania oraz szybki rozwój naszej firmy. Stosujemy także najlepsze praktyki w zakresie rozwoju talentów, wdrażania nowo zatrudnionych osób czy możliwości szkoleniowych.
Nasze starania, by być najlepszym pracodawcą dla naszych pracowników, co roku zostają doceniane przez Top Employers Institute. Najlepszym dowodem na to jest przyznawany nam nieustannie od 2010 roku certyfikat Najlepszego Pracodawcy nie tylko w Polsce, a także w Europie (1. miejsce w rankingu w 2021 roku) oraz na świecie.
Opis stanowiska
The Information Protection Manager position is a business-facing role that exists to work primarily with JTI business to protect the confidentiality and integrity of JTI critical information assets globally.
Collaborating with technical teams to meet business needs to secure our journey to the company's 2030 vision. Developing the concept of data ownership with clear responsibilities to better secure our data, the incumbent will define a simple and effective strategy to classify, identify, label, protect and monitor our critical data assets throughout it's lifecycle. He/she will be responsible to minimize the risk of data loss or corruption, by conducting risk assessments and making recommendations to ensure that critical or confidential data is adequately secured as a program of continuous improvements. Driving best practices in data protection through policy, procedure, and education he/she will be responsible to identify opportunities to exploit existing capabilities and new technology offering to automate data protection controls.
What will you do – responsibilities:
Information Classification Process and Critical Information Asset Register
- Own the Information Classification Standard, and ensure it meets the business objectives.
- Develop an effective process to identify, classify, label and protect JTI's most critical and confidential data and roll this process out globally to ensure our data is protected wherever it resides throughout it's lifecycle.
Data Ownership and Asset Register
- Introduce the concept of critical data ownership with clearly defined responsibilities.
- Provide training and awareness on classification and data ownership responsibilities to promote data-centric behaviors. Create a critical Information Asset Register across JTI.
- Work in collaboration with the Information Management team.
- Experience and understanding of working with data
Information Protection Controls Management & Regulatory Compliance
- Experience of managing other security, data or risk regulatory framework with a strong security focus would be an advantage
- Experience in a data protection or compliance role, with a robust understanding of the core elements of data protection law/regulation and the interface with digital and logical security
- Ensure effective controls are in place to ensure classified information is adequately protected wherever it resides based on confidentiality.
- Work with subject matter experts as well as our Corporate Data Protection Officer to identify developments in information security/protection laws and regulations that may impact company information security policies and practices.
- Define policy and procedure to drive regulatory IT compliance.
- Work in close collaboration with IAM function to ensure confidential data access compliance.
Data Loss Prevention and Data Breach Detection
- Responsible to identify the business need and governance behind these technologies, working with the Technical Security team to research technology solutions from existing and new providers to detect and minimize the risk of dta loss of JTI critical data assets to bring continuous improvements.
- Build business cases, and budget requirements and define project requirements to make it happen.
IT Risk Assessment & Compliance
- Conduct risk assessments for new technology solutions and/or 3rd party technology providers to ensure adequate protection is in place for our confidential data processing.
- Implement best practices to the existing process to improve high-risk confidential data processing as part of our continuous improvement strategy.
Data Breach response
- Responsible to support the Data Incident response procedure, in the event of a data incident.
- Manage the implementation of remediation and control activities to prevent reoccurrence.
- Understand the regulatory requirements in the event of a personal data breach. In the event of a data breach to inform Information Security management of the extent of the breach in as short a time frame as possible.
- In the event of a data breach incident, the incumbent will be required to conduct an investigation to determine the remediation and control activities required to prevent reoccurrence.
Controls Verification
- Periodically conducting data protection audits to verify the effectiveness of the IT controls.
- Providing feedback and working in collaboration on improvements to the controls framework and ensuring timely risk mitigation.
End-to-end KPI reporting
- Produce key measurements of the information security teams effectiveness and performance to provide assurance to senior management of JTI's strengthening security posture.
