Position
Head of Cybersecurity Operations at Philip Morris International.
About Philip Morris International
PMI is transforming its business to build a smoke‑free future. We offer fast‑paced, highly collaborative environments where you can design and deliver innovative solutions. Digital at PMI is dynamic, diverse, and disruptive.
Team
The Operations & R&D IT team leads the digital strategy and transformation of Operations and R&D functions through effective business partnering and secure IT technologies.
Purpose of the Role
The Director for IT Operations and R&D Security seeks an experienced Head of Cybersecurity Operations to design, build, and operate a next‑generation Control Operations Centre within the 1st Line of Defense for IT Operations & R&D platforms and extend cybersecurity operations into the OT environment.
Responsibilities
- Prioritizing, defining, and orchestrating risk treatment strategy.
- Developing and embedding capabilities and controls across the cybersecurity value chain (Identify, Protect, Detect, Respond, and Recover).
- Operating and monitoring security controls continuously, representing control owners in Product and Operations functions.
- Supporting the Director with the development and implementation of a Cybersecurity Operations strategy and programs aligned with business goals.
- Leading and overseeing complex and strategic cybersecurity initiatives across Product and R&D functions.
- Overseeing day‑to‑day activities of the cybersecurity operations team for efficient control operations and testing.
- Driving the implementation of the operating model, processes, and procedures to transform the entire IT Product & R&D function into an effective 1st Line of Defense.
- Supporting Operations and R&D functions in change management to become an effective business 1st Line of Defense, focusing on product owners, project managers and technology SMEs.
- Working with strategic service providers to establish a cost‑effective 1st Line of Defense structure capable of continuous control monitoring.
- Driving convergence between IT and OT with the objective of mitigating cyber risk and improving operational efficiency.
- Aligning with IT Platforms stakeholders to proactively implement “security‑by‑design” and “privacy‑by‑design” measures.
- Performing active measurement and governance on CISO metrics.
- Connecting information security initiatives to compliance and regulatory requirements, and overseeing internal and external audits (FDA, CAD, FM Global) and GxP Qualification and Validation activities.
Essential Requirements
- Bachelor’s or master’s degree in computer science, information security, or a related field, or equivalent work experience.
- 10+ years of cybersecurity experience across IT and/or OT roles with progressive leadership responsibilities.
- 3+ years of experience directly managing security and controls operations in a 1st Line of Defense structure.
- Proven track record in coordinating information security initiatives with exposure to manufacturing, engineering, supply chain, product, quality, and electronics manufacturing.
- Experience with enterprise‑level programs that use both traditional and agile frameworks.
- Proven project management experience with stakeholder, budget, communication, and virtual/indirect team management focus.
- Strong leadership, communication, and collaboration skills to influence and motivate teams and stakeholders.
- Broad security knowledge to credibly speak to IT/OT/IIoT technology and information security SMEs.
- Team‑player ability to build pro‑active, co‑operative relationships across cultures and geographies.
- Knowledge of identity and access management concepts (single sign‑on, identity federation) and standards (SAML, OAuth 2.0, OpenID).
- Experience developing and managing budgets, schedules, resources, and risks for cybersecurity programs.
- Experience interacting with cybersecurity policies, standards, and best practices, ensuring compliance with applicable laws and regulations.
- Understanding of security frameworks and standards (SOC2, ISA/IEC 62443, ISO 27001/27002, CSA, CIS, NIST, OWASP).
- Experience working with external partners, vendors, and auditors on cybersecurity matters.
- High energy and flexibility to meet varied demands while producing superior work products under short deadlines.
- Customer‑centric mindset to empathize, anticipate, and solve pain points.
- Ability to build and maintain relationships with senior management, stakeholders, and team members.
Preferred Requirements
- Advanced knowledge of ISA/IEC 62443, IoT/IIoT platforms, cloud‑computing architectures (SaaS, IaaS, PaaS) and related security risks.
- Knowledge of industrial environment protocols and architectures (OPC UA, Purdue model).
- Industrial information security certifications (GICSP, ISO/IEC 62443).
Benefits
- Work‑life balance: office environment and smart‑working options.
- Learning & development: robust ecosystem to strengthen technical and soft skills.
- Inclusion & diversity: commitment to a diverse and inclusive organization.
- Career growth: end‑to‑end opportunities across PMI’s global functions.
Additional Information
Seniority level: Director
Employment type: Full‑time
Job function: Information Technology
Industries: Manufacturing
We believe PMI IT’s true strength is founded on our people. Join us for a first‑class employee journey and a sense of purpose. Together, let’s deliver a smoke‑free future.