BAT

Global Head of Application and Data Security

Athens, Attiki, Greece

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About BAT

British American Tobacco (BAT) p.l.c. is a leading multinational corporation based in London, England. Founded in 1902, it is recognized as the world's second-largest tobacco company by net sales as of 2025. BAT has a rich history, having evolved from a joint venture between the UK's Imperial Tobacco Company and the US's American Tobacco Company. The company gained independence in 1911 and has since expanded its global presence through various acquisitions and strategic partnerships. BAT manufactures and sells a range of tobacco and nicotine products, including well-known cigarette brands like Lucky Strike and Pall Mall, as well as electronic cigarettes. The company has diversified into next-generation products and invests in areas such as cannabis and wellness. With a strong focus on responsible manufacturing and global distribution, BAT sources tobacco from smallholder farmers in several countries and operates in key markets including Canada, Brazil, and Australia. Its subsidiaries include Reynolds American in the US and Souza Cruz in Brazil, among others.

Industry

mechanical or industrial engineering

Employees

49,000

849 engineers

Revenue

$35B


Security at BAT

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • BAT's AppSec philosophy emphasizes enterprise-wide ownership and the integration of security directly into developer workflows.
  • Their stated mission is to own the enterprise Application Security program, and they prioritize embedding security into SDLC workflows.
  • Their approach to developer enablement focuses on providing CI/CD guardrails with policy-as-code to enable product/platform teams to ship securely.
  • Risk management is described as risk-led prioritization with a goal to show measurable risk reduction through critical metrics and executive scorecards.

Security Team

The AppSec team at BAT operates under the CISO. The Chief Information Security Officer is responsible for cyber security and reports to the Director, Digital & Information. The key public-facing leader is Dawn-Marie Hutchinson, Group Chief Information Security Officer at BAT. Team size estimate is not publicly available. Active hiring includes roles such as Global Head of Application and Data Security and Cyber Security Analyst.

Key Initiatives

  • Shift Left: Focused on embedding security into SDLC workflows and implementing CI/CD guardrails with policy-as-code.
  • Vulnerability Management: The process uses pen-test findings and cloud risk signals to facilitate vulnerability management remediations in a timely manner.
  • Secure SDLC: The team works to publish Application Security and data protection patterns mapped to NIST CSF/800-53 and CIS v8.
  • Security Champions Program: Information not publicly available.
