Platform Security Lead
Philip Morris International
London, United Kingdom
3d ago

Be a part of a progressive change! At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on one clear purpose: to deliver a smoke-free future.

With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

PMI’s journey to a smoke-free future is fuelled by technology. The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions, from pace-setting global pilot projects to vital local updates.

Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.

To join us in IT you’ll need to be driven and equally happy whether you’re taking the strategic view or diving deep into processes.

We'll make sure you're set up to succeed whatever your project is. Our culture is agile and collaborative, and we genuinely believe our people are some of the best you’ll ever work with.

The Team

Our team is part of the wider IT Consumer & Commercial (ITC&C) function responsible for designing, building, running, and improving business solutions and services globally.

The technologies we are interested in range from omnichannel, commerce, digital marketing, social media and trade, both within a B2C and B2B context. All our solutions are customer and/or consumer-facing and are the real growth engine and future of our organization.

The Operations & Platform Services (O&PS) department is responsible for the run and sustainability of business solutions as well as the design, build and run of all core platform systems that underpin all technology services.

We are fully accountable for the core cloud infrastructure, production operations, platform management, delivery tooling, environments, site reliability, service delivery, operational readiness and continuous improvement of our landscape.

Our customers are two-fold as we help delivery teams to accelerate by providing stable technology enablement solutions and support our affiliates who consume the technology we centrally deliver.

In total, we serve around eighty-nine affiliates worldwide who use a mixture of B2C and B2B technology and enable delivery teams in Consumer, Commercial, Omnichannel and Global Communications.

We are a very international team and currently spread across seven cities worldwide: Lausanne is our head office and operating centre, London is our main operational hub, Lisbon is our primary engineering centre, and we have teams in Jakarta, Buenos Aires and Krakow.

Role Summary

The Platform Security Manager acts as a first line of defence for security matters. They lead the applicable Information Security Framework for the scope led by IT Consumer and Commercial Engineers and Ops.

Their focus is to reduce the Security Risk by acting on three (3) main areas:

1- Operations

  • Analyses and supervises the organization's cybersecurity measures; responds to actual penetration attempts by malicious hackers
  • Implement technologies, techniques, and configurations to ensure an adequate level of data protection in line with internal information security (InfoSec) requirements
  • Embed cybersecurity into the systems development life cycle process, e.g. by leading the execution of threat modeling activities and fostering the adoption of DevSecOps principles
  • Integrate security tools (e.g. SAST, DAST) within the CI / CD pipelines of the development teams
  • Support the creation of security guidelines and standard methodologies as well as contribute to creation of internal frameworks, common features to improve security and speed of delivery of technical / data products
  • Provide support on "security-by-design" and "privacy-by-design" concepts, methods, and tools during entire solution development lifecycle
  • Support other teams within ITCC in analysing the scope, methodology and results of security testing and ethical hacking activities performed by third parties around the presence of vulnerabilities in systems used or to be used by PMI.
  • Follow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over vendor's work.

2- Governance

  • Establish adequate governance tooling and instances for the ITCC E&O InfoSec 1LD scope in alignment with further company lines of defense. This will include accurate performance measurements and indicators, efficient communication strategy, escalation paths etc.
  • Coordinate all InfoSec initiatives and projects for ITCC E&O and provide consolidated and timely planning for ITCC E&O leadership.

3- Awareness and training

  • Implement a security focused competency capability matrix for ITCC E&O
  • Identify and coach Security Champions within the different Engineering and Ops teams
  • Deliver adequate awareness and training actions / sessions / communications

Essential Skills & Experience

  • Strong customer focused approach with outstanding partner engagement. Able to negotiate, manage relationships and drive improvements
  • Minimum 6 years of experience in web / mobile application security, preferably within a large organization
  • Proven track record in supporting development teams throughout all technical phases of systems development life cycle (threat modelling, integration, delivery)
  • Hands-on experience with integration of SAST, DAST and SCA tools into CI / CD pipelines
  • Strong understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
  • Practical knowledge on modern application architectures including microservices, containers, APIs and serverless technologies
  • Sound knowledge of impact and remediation techniques for vulnerabilities both within and outside of the OWASP Top 10
  • Considerable technical writing proficiency and oral presentation skills
  • Knowledge of common web / mobile development technologies (e.g. ASP.NET, C#, Java, JavaScript, Ruby, Python)
  • Experience with any of the following technologies / tools : AWS WAF, Salesforce Shield, HashiCorp Vault, Terraform, Ansible, Artifactory, Splunk, ELK
  • Practical experience in Agile / DevOps organizations and cultures
  • Experience working within an Agile environment delivering faster at a higher quality level.
  • Willingness to travel across Europe, Latin America and Asia Pacific.

What we offer

Our success depends on our hardworking employees who come to work here every single day with a sense of purpose and an appetite for progress. Join PMI and you too can:

  • Seize the freedom to define your future and ours. We’ll empower you to take risks, experiment and explore.
  • Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong.
  • Pursue your ambitions and develop your skills with a global business. Our staggering size and scale provide endless opportunities to progress.
  • Take pride in delivering our promise to society: to deliver a smoke-free future.