Summary: The Information System Security Manager is responsible for the oversight and deployment of all adequate measures and controls to provide the Company and its subsidiaries with a reasonable cybersecurity control level. This role will initiate, plan, deploy, maintain, control, improve all aspects of Webber/Ferrovial Construction US cybersecurity.
Essential Duties and Responsibilities:
- Lead, manage and grow Webber/Ferrovial Construction US cybersecurity function according to Business needs.
- Develop a cybersecurity practice in Webber/Ferrovial Construction US that can be relevant to its business units, subsidiaries and joint ventures by defining and implementing a Cybersecurity strategy.
- Negotiate with and for Webber/Ferrovial Construction US business units, subsidiaries and joint ventures the contracts, conditions and terms regarding the cybersecurity baseline that must be provided.
- Ensure quality deployment of the adequate measures and controls onto products and services built through digital and technology initiatives.
- Ensure the maintenance and continuous improvement of such measures and controls along the products and services lifecycle.
- Manage and control security projects including start up and launch of benchmarks and proof of concepts.
- Manage cybersecurity vendors whose services are being provided to Webber/Ferrovial Construction US business units, subsidiaries and joint ventures.
- Regular communications with Webber/Ferrovial Construction US senior management to report the cybersecurity posture of their companies, the projects milestones construction and the compliance situation in terms of cybersecurity.
- Provide support to Ferrovial risk and internal audit department.
- Identify business opportunities to provide enhanced cybersecurity services to Webber/Ferrovial Construction US business units, subsidiaries and joint ventures.
- Other unlisted duties may be assigned.
Qualifications:
Education & Experience:
- Bachelor’s Degree in Computer Science, Engineering, Information Technology or equivalent.
- 7-10+ years of experience in managing complex cybersecurity environments through its full lifecycle.
- Definition, deployment and improvement of security strategies, plans, and governance models in large enterprises and corporations, and in international environments.
- Definition, deployment, and improvement of risk management models.
- Deployment, maintenance and assessment of ISO 27001, NIST CSF and ENS certified environments.
- Identification and treatment of risk derived from laws and compliance requisites.
- Definition, deployment, monitoring, evaluation/testing and improvement of security architectures, infrastructures and services in corporations and international scenarios.
- Architecture models like SASE and Zero-Trust models. Additionally, having demonstrable experience with NIST guides will be an added value.
- Modern Enterprise Architectures, with special interest in knowledges related to industrial systems, ICS, IoT, OT/IT, and its integration in Internet Open Architecture models.
- Services provided by big *aaS providers, as Amazon AWS, Azure, Bluemix, Google Cloud, Cloudera, Atlas/Mongo, etc.
- Security incident management.
- Business continuity management.
- Cyber Intelligence.
- Audits and security reviews.
- Awareness, communication, and training in Cybersecurity.
Additional Qualifications:
- CISA, CISM, CISSP, CPP, ISO 27001, SANS… security certifications will be considered and preferred.
- High English level in writing, speech and comprehension, being fluent in conversations is required. The candidate must be able to arrange and conduct meetings and to handle presentations fluently in English.
- Skills in negotiating contracts with regional implications.
- Ability to manage remote teams nationally and internationally.
- Capability to work against tight schedules.
- Must be able to proactively multitask, problem solve and implement innovative processes within a fast-paced environment.
- Add Physical Demand: Must be able to remain in a stationary position 50% or more of the time.
Webber, LLC provides equal employment opportunities to all applicants and employees without regard to race, color, religion, sex, gender, national origin, age, disability, or status as a Vietnam Era or special disabled veteran in accordance with applicable federal and state laws. Webber, LLC complies with applicable local, state and federal laws governing nondiscrimination in employment at each location the Company operates. This policy applies to all terms and conditions of employment, including, but not limited to: hiring, placement, promotion, termination, leaves of absence, compensation, and training.
The Statements herein are intended to describe the general nature and levels of work performed by employees, but are not a complete list of responsibilities, duties and skills required of personnel so classified. Furthermore, they do not establish a contract for employment and are subject to change at the discretion of the employer.