Ferrovial is one of the world’s leading infrastructure operators and municipal services companies, committed to developing sustainable solutions.
The company has 96,000 employees and a presence in over 25 countries. It is a member of Spain’s blue-chip IBEX 35 index and is also included in prestigious sustainability indices such as the Dow Jones Sustainability Index and FTSE4Good.
The aim of Corporation is the definition of the Company’s strategy, establishing the global policies, guidelines and action lines related to the different functional areas of the Organization (Finance, Human Resources, Legal Consultancy, IT, etc.), which are subsequently developed and adapted to the specificities of every Business Unit (Airports, Construction, Services and Toll Roads). Furthermore, Corporation provides corporate services to the different companies of the Group, merging their information, at the same time.
• Guarantee the deployment of the adequate measures and controls onto products and services built through technology initiatives.
• Guarantee the maintenance and continuous improvement of such measures and controls along the products and services lifecycle.
• Management and control on security projects, and start up and launch of benchmarks and proof of concepts.
• Customer relationship.
Habilidades y experiencia
Degree in telecommunications/computer science or equivalent.
It will be valued the ownership of specialized certifications in control and information security (CISA, CISM, CISSP, CPP, ISO 27001, SANS certifications…).
Having around 3 years of experience in the following disciplines will be considered relevant for the role:
• Definition, deployment, monitoring, evaluation/testing and improvement of security architectures and infrastructures in corporations and international scenarios (perimeter security, internal networks, infrastructures, endpoint, mobility, secure development lifecycle, hardening, forensic analysis, cloud environments…).
• Architecture models like TOGAF or 0-Trust model. Additionally, having demonstrable experience with NIST guides will be an added value.
• Modern Enterprise Architectures, with special interest in knowledges related to industrial systems, ICS, IoT, OT/IT, and its integration in Internet Open Architecture models.
• Services provided by big *aaS service providers, as Amazon AWS, Azure, Bluemix, Google Cloud, Cloudera, Atlas/Mongo,… Understanding and strategic guidance on multi-cloud scenarios and distributed architectures, based in business messaging (AMQP, RabbitMQ, Kafka, SQS) and in connection models based on REST/JSON/API..
• Expertise in the best security strategies on the mentioned environments, with a special relevance in the use of robust authentication mechanisms like x.509 certificates, pairing protocols like oAuth2, federation standards like SAML2, social connectors…
• Knowledge on new security information sharing mechanism like IoCs, Stix, OpenIOC, Misp… and its relationship with protocols like MQTT and similar.
• Definition, deployment and improvement of security strategies, plans and governance models in large enterprises and corporations, and in international environments.
• Definition, deployment and improvement of risk management models.
• Identification and treatment of risk derived from laws and compliance requisites derived from the inherent requisites of the Organization, like associated with privacy and data protection, intellectual property, digital and electronic signatures…
• Deployment and maintenance of ISO 27001 certified environments.
• Audits and security reviews.
• Security incident management.
• Awareness, communication and training in information security.
It will be valued the candidate capabilities and potential in several organizational aspects, like teamwork and project management. Ability to manage complex situations in an autonomous way will be also valued.
It is required a high or native English level in writing, speech and comprehension, being fluent in conversations. The candidate must be able to arrange and conduct meetings (remote or telecom) and to handle presentations fluently in English.