IT Controls Manager

IT Controls Manager Miejsce pracy: Warszawa Technologies we use Expected SAP About the project Primary responsibilities of the "IT Controls Manager" are the ongoing maintenance and improvement of JTI's global internal controls framework, including IT controls. As a Japanese-listed multinational Company, JTI must comply with JSOX (Sarbanes Oxley equivalent) reporting; which requires managing the overall JSOX control framework (Finance and IT controls), performing self-assessment processes, liaising with internal & external auditors and remediating any issues highlighted. The role reports directly to JTI HQ and the work demands a substantial understanding of IT processes. Regular cross-functional collaboration with all levels of management will be required to perform the role effectively. Furthermore, the individual will also support the wider Corporate Controlling Team with Agile Project Support. Your responsibilities IT Controls Design – lead the design and implementation of IT Security controls across the organization, ensuring alignment with JSOX requirements and boarder Corporate Policies and Procedures Access Management – oversee the controls related to access management, including provision, deprovisioning, and monitoring user access to ensure proper Segregation of Duties and prevent unauthorized access Change Management – manage IT change management controls to ensure that all changes to IT systems, application, and infrastructure are reviewed, approved, and documented in compliance with JSOX and IT Policies Operational controls – ensure operational IT controls are in place to support day-to-day function, including regular monitoring, backup processes. Segregation of Duties – manage Segregation of Duties ruleset for SAP and non-SAP systems Control Assessment – oversee internal processes related to management self-assessment of internal security controls and JSOX remediation process JSOX Compliance – conduct comprehensive reviews of projects to ensure that they adhere to JSOX and IT control requirements Collaboration – work with cross-functional teams including Information Security, Identify and Access Governance, SAP Functional Consultants, Compliance, IT JSOX Coordinators, and External and Internal Auditors to ensure that security and control framework are integrated into day-to-day operations Reporting - preparation of the presentations and reports for Senior Management based on the obtained requirements Our requirements Are independent, structured, and process-oriented person with strong self-confidence and good communication skills Have an analytical mindset with excellent prioritization and time, self-management skills Have a University Degree in relevant field Understanding of security frameworks (ISO 27001, NIST, COBIT, etc.) Familiarity with ITIL practices Experience in managing internal and external audits and providing control evidence Professional Qualification is a plus (CISA, CISM, CRISC, CISSP, CC, CIA, ITIL) Have at least 5 years of work experience Have confidence with Excel and at least basic knowledge about BI application Are fluent in English (written and verbal). Any other language is an asset Have a proficient knowledge of SAP Security or SAP Function module on-hand experience is require What we offer Competitive pay and attractive annual bonus On-going development opportunities in multinational environment, wide variety of projects, ambitious goals and independence in achieving them. Promoting from within culture Freedom with responsibility (we trust your competencies, ability to manage your time and your scope of work) Lot of flexibility in terms of work arrangements (work from office or from home) Private medical care (various options to choose) and life insurance Employee pension and savings programs JTI Family Leave Benefit – including extended paid paternity leave and fully paid maternity leave Multisport card, foreign languages classes Wide variety of trainings, webinars and professional courses on our e-learning platforms, including sponsored certification programs (for employees fulfilling the admission criteria) Modern office with traditions (Art Norblin Factory) in convenient location, equipped with a library, mindfulness zone, spacious kitchen, garden terrace, massage chairs and underground bicycle parking Working in a diverse and inclusive organization of over 40 different nationalities Benefits sharing the costs of sports activities private medical care sharing the costs of foreign language classes life insurance remote work opportunities flexible working time retirement pension plan no dress code sharing the costs of holidays for kids charity initiatives JTI Family Leave Benefit - additional paternity leave Anniversary awards JTI Benefit Platform JTI GBS POLAND Sp. z o.o. We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. In fact, we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries. But our business isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business. That’s why our employees, from around the world, choose to be a part of JTI. It is why 87% of employees feel happy working at JTI. And why we’ve been awarded Global Top Employer status, eight years running. So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to JoinTheIdea. JTI GBS Sp. z o.o. has introduced an Internal Reporting Procedure for Whistleblowers. If you would like to review this procedure, it is available upon request.If you decide to participate in this recruitment, the administrator of your data will be JTI GBS Poland sp. z o.o. with headquarters in Warsaw. Your data will be processed only to support the recruitment process in which you participate. Detailed information on the processing of your data here:Detailed information on the processing of your personal data: 1. Who is the controller of your personal data? Name and registered office: JTI GBS Poland sp. z o.o., ul. Żelazna 51/53, 00-841 Warsaw Contact mailbox regarding data processing: wawgdprgbsjti.com Data Protection Officer: The data controller has appointed a Data Protection Officer who can be contacted directly at the following address: wawgdprgbsjti.com. The Data Protection Officer can be contacted in all matters related to the processing of personal data and the exercise of rights related to the processing of such data. 2. For what purposes is your personal data processed? Your personal data will be processed for the purpose of enabling you to take part in the recruitment process for the position in JTI GBS to which your application relates. If you have provided your consent to participate in the recruitment processes conducted by JTI GBS in the future, your data will also be processed for this purpose. If your application is considered under the employee referral program, your data will also be processed to accomplish the objectives of the program. In specific situations, JTI GBS may also process your personal data to the extent necessary to establish, assert or defend against claims. Detailed information on the basis of data processing is provided in the table. 3. What is the data retention period? The data provided in order to take part in a specific recruitment project will be retained for the period until the end of the recruitment process, up to a maximum of 3 months from the selection of the employee in case no contract has been concluded. If you have given your consent to the processing of your personal data for future recruitments, then your data will be processed until your consent is withdrawn, but for no longer than for 12 months. In case of processing your application under the employee referral program, your personal data will be processed until the objectives of the program have been met. The duration of the processing of your personal data may be extended each time by the period of the statute of limitations for claims, if the processing is necessary to establish, assert or defend against claims. 4. Who will be the recipients of your personal data? The data may be transferred to entities processing personal data on behalf of the controller, e.g. IT service providers, entities operating the database, entities handling application requests – however, these entities process data on the basis of an agreement with the controller and only in accordance with the controller's instructions and within the scope of the granted consent. Personal data may also be transferred to other JTI Group companies in connection with intra-group purposes. 5. Will your personal data be subject to profiling? During the recruitment process, you may be asked to complete tests (e.g. analytical test, behavioural test, cognitive test) or to participate in an Assessment Center session. In the case of behavioural test, you will be subject to profiling. The system will evaluate the answers you give in the survey and create a profile of your behaviour and preferred working conditions based on these answers. The test is only a support material for the recruiter conducting your recruitment process and no automated decisions are made based thereon. 6. What are your rights in relation to the processing of your personal data? You have the right to withdraw your consent for processing of data at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. You have the right to obtain information about the processing of your personal data concerned in accordance with Art. 15 of the GDPR, including to obtain copies of your personal data. In addition, you may request the rectification of inaccurate personal data, as well as the completion of incomplete personal data. You may also request restriction of the processing in the cases referred to in Art. 18 of the GDPR, as well as the data portability. You have the right to object to the processing of your personal data. You have also the right to erasure your personal data. . When profiling is used (it may take place when using behavioural tests in the recruitment process), you have the right to object to the profiling of your personal data. In order to exercise the above rights, please contact the data controller, e.g. by sending an appropriate request via e-mail. You also have the right to lodge a complaint with the supervisory authority (Poland: President of the Personal Data Protection Office). 7. Is personal data transferred outside the European Economic Area? Your personal data may be entrusted for processing to JT International S.A. with its registered office in Switzerland, i.e. outside the European Economic Area (EEA). The European Commission has stated that this country offers an adequate level of personal data protection (Commission Decision of 26 July 2000). The recipient has implemented adequate and appropriate safeguards for your personal data. You have the right to receive a copy of the transferred personal data. Your personal data may also be transferred to other JTI Group companies that are based outside the EEA. Whenever the country to which the transfer of personal data will take place does not provide an adequate level of protection for personal data, JTI GBS will ensure the protection of your personal data in accordance with applicable legislation. 8. Is provision of the personal data mandatory? Responding to the Company's advertisement and providing your data is voluntary. However providing the mandatory data is necessary for your application to be considered during the recruitment process. Failure to provide this data will prevent your application from being considered. The provision of other data is voluntary and constitutes the candidate's consent to their processing in the recruitment process. If you raise an objection to the processing of your personal data during the recruitment process, further participation will not be possible.

Location: Warszawa, PL

Posted Date: 4/19/2025