BAT is evolving at pace into a global multi-category business. We are on a mission to decrease the health impact of our industry.
To achieve our ambition, we are looking for colleagues who are ready to Be The Change. Come, join us on this journey!
ROLE PROFILE
JOB TITLE: Cyber Governance Lead
FUNCTION: DBS
SUB FUNCTION: Cyber Resilience Team
CITY & COUNTRY: Global – Warsaw, Poland
ROLE SUMMARY
What are the key objectives and expectations from this role?
We are seeking a highly skilled and experienced Cyber Governance Lead to join our dynamic and growing team. The ideal candidate will oversee and drive the implementation of an effective cybersecurity governance framework to ensure organizational compliance with regulatory, industry, and internal cybersecurity policies and standards. This role requires strategic oversight, stakeholder collaboration, and continuous improvement to align the organization's cybersecurity objectives with its business goals.
What is the direct impact of this role on the team or organization?
Reports to | Global DBS Gov & Digital Risk Sr.Mgr |
Number of Direct Reports | N/A |
Core Relationships | Internal – Cyber Resilience Team, Regional and Central Functions teams, IT Services, Legal. External – Third-party service providers Keep up to date with Cybersecurity threats, emerging technologies, and industry security best practises. Liaison with peer groups at other organisations, consultancy partners and special interest groups |
Geographic Scope | Global |
Travel Required | Low |
ACCOUNTABILITIES
- Cybersecurity Governance Framework:
- Develop and implement a robust cybersecurity governance framework that aligns with organizational objectives and regulatory requirements.
- Establish governance bodies to ensure effective decision-making and accountability across cybersecurity initiatives.
- Policy and Standards Development:
- Design, develop, and maintain comprehensive cybersecurity policies, standards, and procedures in line with best practices (e.g., ISO 27001, NIST, COBIT).
- Collaborate with stakeholders to ensure policies and standards are relevant, achievable, and aligned with business/functional processes.
- Monitor and ensure compliance with internal and external regulations (e.g., GDPR, CCPA, HIPAA)
- Reporting to Governance Bodies:
- Develop dashboards, reports, and presentations to provide regular updates and reports to operational and strategic governance bodies, including the Board of Directors, Risk Committees, and Executive Leadership Teams.
- Design and implement KPIs and KRIs for governance programs, and use tools such as dashboards to communicate progress to stakeholders.
- Continuous Improvement and Automation: Facilitate ongoing improvement initiatives to enhance cyber governance processes and their automation.
- Cross function collaboration: Build and maintain strong relationships with Regional and Global teams, including Enterprise Risk Management, to align risk management efforts across the organization.
- Security Audits and Assessments: Support security audits to validate the effectiveness of cyber governance processes and identify areas for improvement.
- Continuous Learning: Stay informed about the latest cybersecurity trends, threats, and best practices, incorporating them to strengthen the organization’s cybersecurity posture.
EXPERIENCE, SKILLS, KNOWLEDGE
ESSENTIAL
Experience & Technical Skills Required
- 5+ years of experience in cybersecurity governance, risk management, compliance or related roles.
- Cybersecurity Fundamentals:
- Experience in developing and implementing policies, standards, and governance structures.
- Strong knowledge of security frameworks and standards (e.g., NIST RMF, ISO 27001, FAIR, COBIT)
- Proficiency in using GRC platforms (e.g., ServiceNow IRM, RSA Archer).
- Awareness of emerging technologies such as artificial intelligence, blockchain, IoT, and their associated security implications.
- Familiarity with cybersecurity regulations and compliance requirements such as GDPR, CCPA, PCI DSS, and SOX.
- Adequate technical knowledge and skills enabling effective communication with IT Services, understanding risks and corresponding mitigations.
Functional / Leadership Skills Required
- Exceptional communication and presentation skills, with the ability to convey complex information to technical and non-technical stakeholders, including executive leadership
- Project Management:
- Strong organizational skills to manage multiple concurrent initiatives.
- Familiarity with project management methodologies to drive risk-related projects.
- Data Analytics and Visualization:
- Ability to analyse and interpret complex data to assess risk and trends.
- Proficiency in creating dashboards and reports using tools like Power BI, or Excel.
- Ability to build relationships across functions and drive consensus in a complex, matrixed organization.
- Self-motivated and results focused; ability to strengthen the team and its mission.
- Attention to detail and ability to manage multiple priorities in a fast-paced environment.
Education / Qualifications / Certifications Required
- Degree or equivalent in Cybersecurity, Information Technology, or a related field
BENEFICIAL
- Following Industry certifications are highly desirable.
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in the Governance of Enterprise IT (CGEIT)
What we offer you?
• We offer a market leading annual performance bonus (subject to eligibility)
• Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives
• Your journey with us isn't limited by boundaries; it's propelled by your aspirations. Join us at BAT and become a part of an environment that thrives on internal advancement, where your career progression isn't just a statement – it's a reality we're eager to build together. Seize the opportunity and own your development; your next chapter starts here.
• You'll have access to online learning platforms and personalized growth programs to nurture your leadership skills
• We prioritise continuous improvement within a transformative environment, preparing for ongoing changes
WHY JOIN BAT?
We’re one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.
Collaboration, inclusion and partnership underpin everything we do here at BAT. We are looking forward to enabling every individual to thrive, regardless of gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, veteran status, perspectives and thinking styles. We know that embracing talent from all backgrounds is what makes us stronger and best prepared to meet our business goals.
We see the career breaks as opportunities not obstacles. Through The Global Returners program, we support professionals looking to restart their careers after an extended absence from the workforce (e.g. time out caring for family, parental leave, national service, sabbatical and/or starting an own venture).
Come bring your difference and see what is possible for you at BAT. Learn more about our culture and our award winning employee experience here.
If you require any reasonable adjustments or accommodations to help you perform at your best during the recruitment process, you are encouraged to notify us. We are fully committed to support you by making appropriate arrangements for you to demonstrate your full potential.