Security Manager, Supply Chain and Track & Trace

Philip Morris International UK

Location: Greater London

Job Type: Full time


At PMI, we’ve chosen to do something incredible. We’re totally redefining our business and building our future on smoke-free products with the power to deliver a smoke-free future.

With huge change comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions.


PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based, consumer-facing organisation.

Such a shift creates an abundance of unique and progressive IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with innovative technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career.

Digital at PMI is dynamic, diverse, and exciting. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business!

Joining Product & Operations IT

Within IT, the IT Product and Operations team is an experienced, nimble & expert team composed of multiple sub streams. The main purpose of the team is to lead the digital strategy and transformation of Operations and Products functions through effective business partnering and conceptualizing, delivering and supporting innovative and secure IT technologies across the end-to-end value chain.

When you join this team, you will work closely with the IT Product and Operations leadership team and critical business collaborators as a trusted technology partner to embed continuous innovation, work at speed and scale, and develop your career in numerous directions in line with your aspirations, in a truly international and diverse context.

What’s the purpose of this role?

This position is ultimately responsible for leading all first line of defense cybersecurity activities across the Supply Chain and Track & Trace environment as part of the IT Operations platform. As the cybersecurity champion for the business, the responsibilities of this position span a wide range of areas, including defining and prioritizing risk treatment strategy, developing capabilities across the cybersecurity value chain and orchestrating the execution of risk treatment activities. This position reports directly to the BISO for IT Operations and Product.

Your day-to-day

  • Provide security advisory to support projects, in close collaboration with Information Security Operations team, and ensure that "security-by-design" and "privacy-by-design" requirements are included in the design, implementation, maintenance and decommission phases of existing and new systems.
  • Ensure that BAU activities are carried out and supervised, in accordance with PMI IT Policy Framework.
  • Perform threat modelling on technology systems and establish processes to identify, analyze, and remediate vulnerabilities during application development (e.g., via SAST/DAST – Static/Dynamic Application Security Testing – and VAPT – Vulnerability Assessment/Penetration Testing).
  • Document technical procedures and guidelines to implement security requirements for the assigned functional domain, including software development security processes.
  • Define risk mitigation actions for identified system security gaps and remediate in a timely manner.
  • Support the Information Security cyber risk metrics and reporting program, and effectively communicate risks, issues and activities to key partners, including Senior Management.
  • Perform or take accountability for general IT control activities in scope of the solutions including evaluating 3rd party cyber maturity and performing ongoing vendor risk governance.
  • Drive cybersecurity resilience activities in the assigned functional domain (e.g., back-up & restore, IT DR).
  • Proactively find opportunities for process and policy enhancements in supply chain security management.
  • Represent IT Operations during internal or external security audits.
  • Support incident/event monitoring and response, and perform post-incident root cause analysis and dissemination of lessons learnt.
  • Work closely with other IT teams on the remediation activities and patch management to ensure identified vulnerabilities are addressed in a timely manner.
  • Support Service Managers in the execution of Control Self-Assessment.

Who we are looking for:

  • At least 7 years' experience in Cybersecurity, IT risks and/or IT Compliance.
  • A minimum of 5 years' experience in supply chain and/or Track & Trace security. Proven experience and track record of delivery in a field relevant to cybersecurity supply chain management.
  • Experience and understanding of supply chain cybersecurity threats and associated security controls.
  • Ability to translate complex supply chain challenges into practical business solutions.
  • Knowledge of standards and legislation relevant to cybersecurity supply chains (ISO, NIST, ENISA, NCSC etc).
  • Experience in defining and executing supply chain cybersecurity audits.
  • Relevant Security, Risk or Audit certifications (or equivalent combination of education, training, and experience).

What’s in it for you?

There are many IT Organizations out there, so why should you join ours?

We believe PMI IT’s true strength is fuelled by our people, and that our success depends on them coming to work every single day with a sense of purpose and an appetite for progress. We are a people-first organisation committed to providing you with a first-class employee journey. Here’s a glimpse of what’s in it for you upon joining us:
  • Work-life balance: Wellbeing comes first. We offer a fantastic office environment and hybrid working options to ensure you have the best work-life balance possible
  • Learning & Development: Your growth is a priority. Our robust and varied learning & development ecosystem will help you strengthen your technical skills and enhance your soft skills and eye for business. The capabilities you will acquire with us will support your life-time employability within IT, PMI, and beyond
  • Inclusion & Diversity: Our differences - much more than our similarities - generate the innovation we are looking for. We aspire to build a diverse and inclusive organization to access the breadth and depth of thinking and sensitivity vital to thrive

Every single IT colleague is part of our Transformation journey. Join us and pursue your ambitions – our staggering size and scale provide endless opportunities to progress. If this offer resonates with you, we look forward to receiving your application and getting to know you.

Together, let’s deliver a smoke-free future.