AppSec Jobs
← Back to all jobs

JTI

CYBER DEVSECOPS MANAGER

Bucharest, Bucharest, RomaniaWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About JTI

Japan Tobacco International (JTI) is the international division of Japan Tobacco Inc., one of the largest tobacco companies globally. Established in 1999, JTI focuses on manufacturing and selling tobacco products outside Japan. The company is headquartered in Geneva, Switzerland, with key offices in Tokyo, Japan, and Raleigh, North Carolina, USA. JTI employs around 45,000 to 46,000 people and operates approximately 400 offices, 27 factories, and five research and development centers worldwide. It markets a variety of well-known cigarette brands, including Winston, Camel, and Benson & Hedges, and sells its products in over 120 countries. The company emphasizes global expansion and secures its tobacco leaf supply through subsidiaries that source from countries like Malawi, China, and India. JTI aims to enhance its market share and product reach as part of its mission to drive profit growth for the Japan Tobacco Group.

Industry

tobacco

Employees

31,000

571 engineers

Revenue

$20B

Website

Visit →

Security at JTI

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • JTI emphasizes information security governance, employee training (i-SECURE), IT governance policy, monitoring, and simulated attacks.
  • The JT Group positions IT risk and cyber security as key risks selected by the Board, with the IT Governance Policy being the top policy.

Security Team

The Senior Vice President, Information Technology has managerial responsibility for JT Group IT Governance systems. The Cyber DevSecOps Manager role is part of the Cyber Security Centre. There is an active Cyber DevSecOps Manager job posting with responsibilities including SAST/DAST/SCA tool integration, CI/CD security, Azure, and secure SDLC. Information on a public, verifiable org chart showing AppSec reporting line into CISO or CTO specifically, or the team size, is not publicly available.

Key Initiatives

JTI is embedding secure DevOps practices into CI/CD environments and promoting shift-left security throughout the SDLC. They conduct vulnerability testing via third-party providers and simulated cyberattacks. Employee training, specifically the "i-secure program", is a key initiative, with 94% of employees having received information security e-learning. Information on a public, verifiable AppSec "Security Champions"program or vulnerability remediation SLAs/MTTR is not publicly available.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.