.Description The Head of Cybersecurity, Ferrovial Energy, is responsible for the oversight and deployment of all adequate measures and controls to provide the Company and its subsidiaries with a reasonable cybersecurity control level. This role will initiate, plan, deploy, maintain, control, improve all aspects of Ferrovial Energy cybersecurity. Essential Duties and Responsibilities: Lead, manage and grow Ferrovial Energy cybersecurity function according to Business needs. Develop a cybersecurity practice in Ferrovial Energy that can be relevant to its business units, subsidiaries and joint ventures by defining and implementing a Cybersecurity strategy. Negotiate with and for Ferrovial Energy business units, subsidiaries and joint ventures the contracts, conditions and terms regarding the cybersecurity baseline that must be provided. Guarantee the deployment of adequate measures and controls onto products and services built through digital and technology initiatives. Ensure the maintenance and continuous improvement of such measures and controls along the products and services lifecycle. Manage and control security projects including start up and launch of benchmarks and proof of concepts. Manage cybersecurity vendors whose services are being provided to Ferrovial Energy business units, subsidiaries and joint ventures. Regular communications with Ferrovial Energy senior management to report the cybersecurity posture of their companies, the projects milestones consecution and the compliance situation in terms of cybersecurity. Provide support to Ferrovial risk and internal audit department. Identify business opportunities to provide enhanced cybersecurity services to Ferrovial Energy business units, subsidiaries and joint ventures. Qualifications: Master's Degree in Computer Science, Engineering, Information Technology or equivalent. 7-10+ years of experience in managing complex cybersecurity environments through its full lifecycle. Previous experience in power and / or utility sectors. Definition, deployment and improvement of security strategies, plans, and governance models in large enterprises and corporations, and in international environments. Definition, deployment, and improvement of risk management models. OT, ICS, IoT cybersecurity knowledge and experience, especially on the ISA / IEC 62443 Standards, Purdue Model and Defense in Depth implementation. Deployment, maintenance and assessment of ISO 27001, NIST CSF and ENS certified environments. Identification and treatment of risk derived from laws and compliance requisites. Definition, deployment, monitoring, evaluation / testing and improvement of security architectures, infrastructures and services in corporations and international scenarios. Architecture models like SASE and Zero-Trust models. Additionally, having demonstrable experience with NIST guides will be an added value. Security incident management. Business continuity management. Cyber Intelligence