INFORMATION SECURITY RISK MANAGER

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.

To make a difference with us, all you need to do is bring your human best.

What will your story be? Apply now!

Learn more: jti.com

We are seeking an experienced Information Security Risk Manager to play a key role in our ongoing efforts to protect our organization from cyber threats, Digital and IT risks. The role will involve identifying, assessing, and managing security risks, ensuring compliance with industry regulations, and working closely with key stakeholders to strengthen our security posture. By implementing effective risk management practices, you will help safeguard our digital assets and align security initiatives with business objectives.

• Conduct regular risk assessments for D&IT systems, applications, networks, and third‑party vendors.
• Identify potential cybersecurity threats, vulnerabilities, and areas of non‑compliance.
• Evaluate emerging IT and cyber risks based on technological advancements and threat intelligence.

• Develop and implement risk mitigation strategies to address identified risks.
• Recommend and design controls to safeguard IT infrastructure and sensitive information.
• Collaborate with Digital &IT, security, and business teams to ensure controls are integrated into processes.

• Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor IT and cyber risks.
• Prepare detailed risk reports and dashboards for senior leadership and relevant stakeholders.
• Escalate critical risks and incidents promptly to appropriate parties.

• Ensure compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements (e.g., GDPR).
• Maintain and improve the D&IT and cybersecurity risk management framework.
• Conduct audits and facilitate external assessments to verify compliance with risk and security standards.

• Contribute to the development and testing of incident response plans and business continuity strategies.
• Support investigations and root‑cause analysis of security incidents and breaches.

• Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field.
• Relevant certifications such as CISSP, CISM, or CRISC.
• Knowledge of relevant compliance standards and regulations.

• 8+ years of experience in IT risk management, cybersecurity, or a related role.
• Hands‑on work experience in information security, and risk management including risk reporting.
• Proficiency in IT security tools and software, understanding of network protocols, experience with security frameworks (e.g., NIST, COBIT), Knowledge of cloud security and cloud computing.
• In‑depth knowledge of information security principles, practices, and technologies.
• Strong understanding of risk management methodologies and frameworks.
• Experience with security assessments, vulnerability management, and risk analysis.

• Strong analytical and problem‑solving skills.
• Excellent communication and interpersonal skills for effectively collaborating with cross‑functional teams and communicating security concepts to non‑technical stakeholders.

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps:

After applying, if selected, please anticipate the following within 1–3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

At JTI, we strive to create a diverse and inclusive work environment. As an equal‑opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.