Manager InfoSec Resilience & Culture

Job Description:

About PMI
At PMI, we've chosen to do something incredible. We're transforming our business and building our future on smoke-free products with the power to improve the lives of a billion smokers worldwide. With huge change comes huge opportunity. Wherever you join us, you'll enjoy the freedom to dream up and deliver better, brighter solutions - and the space to move your career forward in endlessly different directions. Our journey to a smoke-free future is powered by technology. The transformation we're undergoing means there are unique IT projects to match all levels of skills and ambitions - from global pilot programs to vital local initiatives

About the Role

The Manager InfoSec Resilience & Culture will be responsible for driving and evolving enterprise-wide cybersecurity capabilities across Security Information and Event Management (SIEM), External Attack Surface Management (EASM), and Information Security Service Excellence. The position focuses on delivering long-term, sustainable business value by strengthening detection, visibility, and operational excellence in alignment with the organization's security strategy.

The Manager InfoSec Resilience & Culture will report to the Head of InfoSec Resilience & Culture.

To fulfill this mandate, Manager InfoSec Resilience & Culture will assist the Head of InfoSec Resilience & Culture to enable all information security teams to leverage synergies, improve cross-functional collaboration and increase team and stakeholder satisfaction.

About the Team

Information Security Resilience and Culture team is part of the global Information Security organization and has established practice with many years of operations. Its mandate is to enable the business to own and manage global and regional cyber risks and ultimately enforce strategy execution.

Key Responsibilities

* Oversee design, implementation, and optimization of SIEM platforms to ensure effective log ingestion, correlation, and alerting.

* Define and maintain detection engineering strategy, including use-case development, threat modeling, and continuous improvement of detection rules.

* Collaborate with IT to ensure onboarding of application log sources to SIEM and ensure yearly project targets are met.

* Define and track SIEM health metrics (log ingestion rates, correlation efficiency, alert fidelity) and implement proactive tuning to reduce false positives.

* Lead initiatives to identify, monitor, and mitigate risks associated with the organization's external digital footprint (domains, IPs, exposed assets).

* Implement continuous discovery and mapping of external-facing resources, including shadow IT, to improve asset visibility and reduce vulnerabilities.

* Integrate External Attack Surface Management processes with vulnerability management for rapid remediation.

* Promote and implement automation and AI-driven solutions to enhance efficiency and reduce repetitive tasks.

* Support the Head of InfoSec Resilience & Culture in ensuring that the InfoSec team aligns its services and delivery with overall business goals, leading to a positive and sustainable impact on business value.

* Identify and implement actions for continuously improving service and assist InfoSec teams in meeting their service objectives and customer expectations.

* Contribute to developing standardized ways of working for InfoSec Resilience & Culture team.

Profile

* 7+ years information security and/or related technology experience and a proven track record in information security, experience in managing SIEM technologies (e.g., Microsoft Sentinel, Splunk) and detection engineering.

* Strong understanding of external attack surface management tools and methodologies.

* Solid background in cybersecurity service management, governance, and operational excellence.

* Familiarity with automation and AI capabilities in security operations.

* Hands-on experience with security service delivery, organization-wide risk assessment, third party risk management tools and technologies.

* In depth knowledge and understanding of information security concepts, industry best practices and relevant legal and regulatory requirements.

* Preferred certifications: CISSP, CISM, CISA, GIAC certifications.

* Must have at least a bachelor's degree, preferably in a technology-related field, or equivalent education-related experience.

* Excellent stakeholder management and cross-functional collaboration skills.

* Ability to communicate technical subjects to both IT and business-centric audiences to build champions and deliver results.

* Team player with ability to build pro-active, co-operative working relationships with customers, peers and key stakeholders based on respect and teamwork.

* Flexible approach to travel.

* Excellent command of English; any additional languages are a plus.

What we offer

* Work-life balance: Smart working options and a supportive office environment.
* Learning & Development: A robust ecosystem to grow your technical and soft skills.
* Inclusion & Diversity: We embrace differences as a source of innovation and strength.

Additional information

* Relocation support is not available for this role.
* If you've been in your current role for less than 18 months or are on a Performance Improvement Plan, you must obtain your manager's approval before applying.
* Only CVs in English will be considered.
If this sounds like the opportunity you've been looking for, we'd love to receive your application and get to know you.
Together, let's deliver a smoke-free future