Senior IT Security Analyst Data & AI Platform

*The functional job title is Senior IT Analyst Data Platform Security

**The job can be based in Poland or Portugal.

MAKE HISTORY WITH US

At PMI weve chosen to do something incredible. Were totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.

With huge change comes huge opportunity. So wherever you join us youll enjoy the freedom to dream up and deliver better brighter solutions and you will have the space to move your career forward in many different areas/directions.

We are looking for aSeniorITSecurityAnalyst-Data& AIPlatformto join our group ofITexpertsthatmanage abroadportfolio of systems tools and technologies that serve the Data& AIPlatformfor the entire enterprise.

Over the past few years we have built a modern Data & AI Platform to enable PMIs data- analytics- and AI-driven transformation. The platform is based on state-of-the-art architectures and technologies covering data lake/lakehousesolutions data ingestion and ELT data management data visualization and business intelligence data science (advanced analytics and machine learning) as well as our latestAIstack including the LLM Playground Agentic Playground and GenAI Platform.

Our teamis responsible forcentrallybuilding evolving andoperatingtheglobalData & AI Platform forthe rest of PMI teamsthat develop data products analytical solutions and AI-driven applications on top of it.

TheSenior IT Security Analyst-Data & AI Platformwill strengthen the existing Security team by acting as a 1st Line ofDefenserepresentative for information security. The role ensures that PMIs Data & AI Platform is deployed andoperatedsecurely effectively bridging the speed and agility of Product teams (Architecture Engineering Support) with strict adherence to enterprise policies and standards governed by 2nd Line ofDefensefunctions (Information Security Privacy Legal).

JOIN US

WHO ARE WE LOOKING FOR

• University degree preferably in Computer Science Information Security Cybersecurity Engineering or a related field

• Minimum of 5 years of experience in information security IT risk management or IT auditwithin a large organization. Industry certifications such as CISSP CISA or CISMare an advantage

• Demonstratedknowledge and practical implementation experience with global AI security standards regulations and frameworks (e.g. ISO/IEC 27090 EU AI Act OWASP AI Exchange)

• Experience supporting and securing AI/ML platforms built on a modern technology stack spanning model development and hosting (e.g. Amazon SageMaker) foundation model consumption (e.g. Amazon Bedrock) LLM orchestration () observability and evaluation () automation workflows (e.g. n8n) and thirdparty AI services and enrichment tools ( NovaLite)

• Proven experience defining and operationalizing secure sharedresponsibility models for AI/MLplatforms and product teams consuming them ensuring security and compliance are enforced by default through platformlevel and productlevel controls (e.g. model and agent access restrictions data boundary enforcement secure prompt and output handling model lifecycle governance and humanintheloop controls)

• A solid understanding of data platformconcepts (e.g. data warehouse data lakelakehouse data mesh) architectural differences (e.g. centralized vs. decentralized data ownership batch pipelines cloud-native vs. on-premise platforms) together with their security implications (e.g. access control models data lineage and auditability encryption data classification)

• A general understanding of internationally recognized frameworks and standards (e.g. ISO 27001 SOC 2) and regulatory requirements (e.g. SOX GDPR) relevant to information security privacy and data protection

• A problem solver with excellent organizational skills

• A disciplined and autonomous individual in handling demands within a constantly changing environment and working closely to deliver committed results

• Be courageous and determined to get things done through others able to persuade them into executing on your request tracking timelines and escalating if necessary

• Strong presentation verbal and written communication skills in English with the ability to articulate complex ideas in easy-to-understand business terms to all levels of the organization

• The ability toeffectively manage multiple stakeholders and competing priorities with high attention to detail

WHAT WE OFFER YOU

Important note: The benefits list depends on where the selected candidate will be hired: in Poland or in Portugal. We are open for both locations.

Benefits in Poland:

• In this position you will earn no less than PLN 17 600 gross per month
• Private medical and dental care life insurance
• Hybrid model of work and flexible working arrangements (40% of office work and 60% of home office / month)
• Employee pension plan
• Lunch card Multisport & Cafeteria program
• Wide range of trainings language learning platform further education and professional qualification support possibility
• Free bike and car parking for all employees

Benefits in Portugal:

• Permanent local contract with a competitive salary together with Tabaqueira s employee benefits
• Life and Health insurance
• Employee Pension Plan
• Hybrid working model (or fully remote)
• Growing opportunities within the Company both at national and international level
• Very diverse and international work environment
• Wide range of trainings and further education and professional qualification support possibility

HOW CAN YOU MAKE HISTORY WITH US

• Act as the designated security single point of contact for one or more Product Teams supporting a portfolio of tools technologies and platform capabilities within the PMI Data & AI Platform and serving as an embedded 1st Line ofDefenserepresentative supporting daytoday product delivery while ensuring security and compliance with company policies and standards

• Support initiatives delivering new systems or evolving existing ones by performing handson security reviews across the delivery lifecycle including stagegate reviews such as ThirdParty Due Diligence Vendor Contract Reviews Solution Outline Reviews ThreatModeling Migration Plan Reviews Access Model Implementation Reviews System Integration Reviews and security testing activities (e.g. SAST DAST penetration testing)

• Drive adherence to businessasusual security processes across Product Teams (e.g. patch management vulnerability management and IT resilience)

• Be accountable fortimelyremediation of security risks findings and vulnerabilities

• Design and build security observability capabilities in close collaboration with Site Reliability Engineering teams to enable active monitoring reporting and governance of key security metrics for systems across the Data & AI Platform

• Continuously improve security processes and ways of working across the Data & AI Platform reducing friction and bottlenecks byleveragingAI andautomation to deliver measurable efficiency gains (e.g. faster throughput improved consistency reduced handoffs and recovered engineering capacity)

• Support the execution of key enterprise Information Security programs for systems under the Data & AI Platform scope

• Partner closely with 2nd Line ofDefensefunctions ( Security Privacy Legal) to ensure the Data & AI Platformremainscompliant with applicable policies standards and regulatory expectations

Please note that only on-line applications will be taken into consideration.

Each person who sends the application will receive information about its status.

#Li-hybrid

At PMI we run the business in line with ethical principles and encourage SpeakUp culture. We care for equal chances and fair treatment. If you find anything that violates these principles in this job offer or the recruitment process you may contact our Ethics and Compliance Team at Read more about Ethics&Compliance at PMI here.