About us:

Ferrovial es uno de los principales operadores globales de infraestructuras de transporte y mantenemos un firme compromiso con el desarrollo de soluciones sostenibles. Tenemos presencia en 6 mercados principales; cotizamos en el IBEX 35 y formamos parte de prestigiosos índices de sostenibilidad como el Dow Jones Sustainability Index y FTSE4Good. Corporación tiene como misión principal diseñar la estrategia de la Compañía, estableciendo las políticas, directrices y guías de actuación globales asociadas a los distintos ámbitos funcionales de la Organización (Finanzas, Recursos Humanos, Asesoría Jurídica, Sistemas de Información, etc.), que posteriormente son desarrolladas y adaptadas a las particularidades de cada Área de Negocio. De igual manera, desarrolla una función de prestación de servicios corporativos a las distintas Compañías del Grupo, a la vez que consolida su información.

Job Description:

Summary:  The Cybersecurity Senior Specialist is responsible for providing security for all CINTRA USA IT/OT systems under CTS responsibility, searching for vulnerabilities in software, hardware, networks, data centers and cloud environments and designing strategies and defensive systems to protect against attacks and threats.

Essential Duties and Responsibilities:

• Lead, manage and grow CINTRA USA cybersecurity function according to Business needs.

• Develop a cybersecurity practice at CINTRA USA that can be relevant to its business units, subsidiaries and joint ventures by defining and implementing a Cybersecurity strategy.

• Negotiate with and for CINTRA USA subsidiaries and joint ventures the contracts, conditions and terms regarding the cybersecurity baseline that must be provided.

• Guarantee the deployment of the adequate measures and controls onto products and services built through digital and technology initiatives.

• Ensure the maintenance and continuous improvement of such measures and controls along the products and services lifecycle.

• Manage and control security projects including start up and launch of benchmarks and proof of concepts.

• Manage cybersecurity vendors whose services are being provided to CINTRA USA, subsidiaries and joint ventures.

• Regular communications with CINTRA USA senior management to report the cybersecurity posture of their companies, the projects milestones consecution and the compliance situation in terms of cybersecurity.

• Provide support to Ferrovial risk and internal audit department.

• Identify business opportunities to provide enhanced cybersecurity services to CINTRA USA, subsidiaries and joint ventures.

Qualifications:

Education & Experience:

• Degree in Computer Science, Engineering, Information Technology or equivalent.

• 5-7+ years of experience in managing complex cybersecurity environments through its full lifecycle.

• Definition, deployment and improvement of security strategies, plans and governance models in large enterprises and corporations and in international environments.

• Definition, deployment and improvement of risk management models.

• Deployment, maintenance and assessment of ISO 27001 and NIST CSF environments.

• Identification and treatment of risk derived from laws and compliance requisites.

• Definition, deployment, monitoring, evaluation, testing and improvement of security architectures, infrastructures and services in corporations and international scenarios.

• Architecture models like SASE and Zero-Trust models.

• Modern Enterprise Architectures, with special interest in knowledges related to industrial systems, ICS, IoT, OT/IT, and its integration in Internet Open Architecture models.

• Services provided by big *aaS providers, as Amazon AWS, Azure, Bluemix, Google Cloud, Cloudera, Atlas/Mongo, etc.

• Security incident management.

• Business continuity management.

• Cyber Intelligence.

• Audits and security reviews.

• Awareness, communication, and training in Cybersecurity.

• Additionally, having demonstrable experience with NIST guides will be an added value.

Professional Qualities:

• CISA, CISM, CISSP, CPP… security certifications will be considered and preferred. 

• High English level in writing, speech and comprehension, being fluent in conversations, is required.

• Skills in negotiating contracts with regional implications.

• Capability to work against tight schedules.

• Must be able to proactively multitask, problem solve and implement innovative processes within a fast-paced environment.