Head InfoSec Third Party Cyber Risk Mgt

Head InfoSec Third Party Cyber Risk Mgt
Category Information Technology
Standard
Location Albarraque, Portugal
Job Id 8635
Job Type Full Time
Posted Date 03/11/2025


At PMI, we’ve chosen to do something incredible.

We’re totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.

With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions.

IT at PMI

PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer facing organization.

Such a shift creates an abundance of unique and progressive IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career.

Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business.

Background

PMI is seeking to appoint a Head of Third-Party Cyber Risk Management to be responsible for the design, development and enhancement of the enterprise Third-Party Cyber Risk Management (TPCRM) framework, closely aligned with internationally recognized third-party risk management frameworks, and to foster a more risk aware culture in the organization.

Role

You will act as a senior representative of the TPCRM team working primarily with key stakeholders from:

PMI’s broader Third-Party Risk Management Governance Structure.
PMI Central and regional functions including company business units facing third parties, Information Security, Technology, Legal and Privacy, and Procurement.
External parties such as managed assessment service providers and other key suppliers.

Key Activities

Drive the strategy, design, adoption and governance of TPCRM disciplines within the company to foster a risk balanced entrepreneurship within well understood and accepted risk boundaries.
Establish best practice processes across all third-party cyber risk management activity globally and implement strong governance over these processes.
Drive the mid/long-term adoption and evolution of the TPCRM framework, in strong collaboration and alignment with other Information Security & IT Platform/Regional teams.
Lead projects related to the TPCRM programme.
Deliver fully conformant end to end processes for new and legacy suppliers, aligned to regulatory obligations across various regulatory environments.
Identify, propose and assess risk remediations and controls, consistent with the wider business environment and express your opinions clearly to all levels.
Qualifications and experience

You will have:

8-10 years’ experience in TPCRM in very large companies, including at least 5-7 years in managing a team of TPCRM specialists
Extensive prior experience of auditing and assessment of recognised security standard methodology frameworks such as NIST Cybersecurity Framework, Cobit, COSO, ISO 27000, Systems and Organizational Controls (SOC) reporting or PCI-DSS.
A recognized TPRM qualification from Shared Assessments, Sourcing Industry Group (SIG) or Thompson Reuters or willingness to complete one.
Experience working with international entities and understanding of compliance requirements within a diverse set of international regulatory frameworks.
A sound understanding of technology platforms.

What’s in it for you?

There are many IT Organizations out there, so why should you join ours?

We believe PMI IT’s true strength is fuelled by our people, and that our success depends on them coming to work every single day with a sense of purpose and an appetite for progress. We are a people first organisation committed to providing you with outstanding employee journey. Here’s a glimpse of what’s in it for you upon joining us:

Work-life balance: Wellbeing comes first. We offer a fantastic office environment and Smart working options to ensure you have the best work-life balance possible
Learning & Development: Your growth is a priority. Our robust and varied learning & development ecosystem will help you strengthen your technical skills and improve your soft skills and eye for business. The capabilities you will acquire with us will support your lifetime employability within IT, PMI, and beyond
Inclusion & Diversity: Our differences - much more than our similarities - generate the innovation we are looking for. We seek to build a diverse and inclusive organization to access the breadth and depth of thinking and sensitivity vital to thrive
Every single IT colleague is part of our Transformation journey. Join us and pursue your ambitions – our staggering size and scale provides endless opportunities to progress. If this offer resonates with you, we look forward to receiving your application and getting to know you.

Together, let’s deliver a smoke-free future.

Only CV in English will be considered.

Philip Morris International is an equal-opportunity employer. We are committed to crafting a diverse and inclusive work environment and encourage applications from all qualified individuals. Should you require any reasonable accommodation or adjustments to support your application, please let us know.

https://join.pmicareers.com/gb/en/job/8635/Head-InfoSec-Third-Party-Cyber-Risk-Mgt