Information Security Risk Manager

At JTI we celebrate differences, and everyone truly belongs.
46,000 people from all over the world
are continuously building their unique success story with us.
83% of employees feel happy
working at JTI.

To make a difference with us, all you need to do is bring your
human best.
What will your story be? Apply now

Learn more
Information Security Risk Manager
Position Purpose
We are seeking an experienced Information Security Risk Manager to play a key role in our ongoing efforts to protect our organization from cyber threats, Digital and IT risks. The role will involve identifying, assessing, and managing security risks, ensuring compliance with industry regulations, and working closely with key stakeholders to strengthen our security posture. By implementing effective risk management practices, you will help safeguard our digital assets and align security initiatives with business objectives.

What Will You Do – Responsibilities
Risk Identification and Assessment

• Conduct regular risk assessments for D&IT systems, applications, networks, and third-party vendors.
• Identify potential cybersecurity threats, vulnerabilities, and areas of non-compliance.
• Evaluate emerging IT and cyber risks based on technological advancements and threat intelligence.

Risk Mitigation and Control Development

• Develop and implement risk mitigation strategies to address identified risks.
• Recommend and design controls to safeguard IT infrastructure and sensitive information.
• Collaborate with Digital &IT, security, and business teams to ensure controls are integrated into processes.

Monitoring and Reporting

• Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor IT and cyber risks.
• Prepare detailed risk reports and dashboards for senior leadership and relevant stakeholders.
• Escalate critical risks and incidents promptly to appropriate parties.

Governance and Compliance

• Ensure compliance with industry standards (e.g., ISO 27001, NIST,) and regulatory requirements (e.g., GDPR).
• Maintain and improve the D&IT and cybersecurity risk management framework.
• Conduct audits and facilitate external assessments to verify compliance with risk and security standards.

Incident Response and Resilience

• Contribute to the development and testing of incident response plans and business continuity strategies.
• Support investigations and root-cause analysis of security incidents and breaches.

Who Are We Looking For – Requirements
Educational background

• Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field.
• Relevant certifications such as CISSP, CISM, or CRISC.
• Knowledge of relevant compliance standards and regulations.

Professional Experience

• 8+ years of experience in IT risk management, cybersecurity, or a related role.
• Hands-on work experience in information security, and risk management including risk reporting.
• Proficiency in IT security tools and software, understanding of network protocols, experience with security frameworks (e.g., NIST, COBIT), Knowledge of cloud security and cloud computing.
• In-depth knowledge of information security principles, practices, and technologies.
• Strong understanding of risk management methodologies and frameworks.
• Experience with security assessments, vulnerability management, and risk analysis.

Interpersonal, Non-technical Skills

• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills for effectively collaborating with cross-functional teams and communicating security concepts to non-technical stakeholders.

Are you ready to join us? Build your success story at JTI. Apply now

Next Steps

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.