The company: Spanish multinational company that has operated worldwide for more than 80 years and is a global leader in the plywood industry. More than 1,200 employees and around 350 M€ revenue.
Description of the position: Management program to ensure that information assets are adequately protected, considering both IT and OT environments. Stakeholders in the Company. Cybersecurity audit.
Organizational position: Reporting to the Security & Compliance Manager (placed in Logroño).
Key Responsibilities and tasks: Report, from a risk-based approach, all cybersecurity risks considering cybersecurity audits.
Use standard risk management methodology to identify risk and propose mitigating controls.
Design KPIs and KRIs for technical teams and top management teams.
Work with IT and OT security service vendors to gather information needed to keep KPIs and KRIs.
Prepare presentations on KPIs and KRIs for technical teams and top management teams.
Support the alignment on design and implementation of relevant Policies & Procedures.
Define actions to be taken in different scenarios and provide guidance for decision-making where uncertainty exists.
Initiate and control timely review of the procedures and guidance, when necessary, to help different teams.
During audit periods:
Prepare evidence for auditors.
Be prepared to explain policies, procedures, and control implementation.
Explain and defend the security proposition.
Create plans to comply with non-conformities.
Follow up on the defined plan.
Manage and respond to cybersecurity incidents.
Manage the security incident lifecycle embedding a potential SOC service provider.
Manage the team to provide 1st and 2nd level support of security services supporting triage.
Define logic workflows to conduct incident handling from identification to resolution.
Lead "lessons learned" meetings, gather findings, and implement improvements to handling procedures.
Work with all involved parties (internal/external) to build agreement on managing incidents.
Prepare and lead "table top" incident management sessions to test procedures.
Research incidents to get to the root cause and propose mitigating controls.
Keep the whole cybersecurity body up to date, integrating any new needs.
Write structured, concise, realistic policies, standards, and procedures in English.
Keep cybersecurity hygiene aligning with KPIs.
Integrate KPIs and maintain patching and hardening of assets.
Handle vendors from a cybersecurity perspective.
Conduct meetings with vendors to review SLAs.
Propose improvements to the service.
Participate in RFQ processes.
In collaboration with the Business Continuity and Disaster Recovery and Risk Management/GRC functions, ensure the up-to-date catalogue of critical assets and services is maintained, align on the Major Incident Response protocol, and prioritize the most critical tasks in scope of Security Incident Response and Vulnerability Management.
Working Experience: Professional skills: Mandatory skills: Azure and operating systems (Windows / Linux), methodologies such as ISO27001, ISO22301, NIST, C2M2, etc.
Experience to move seamlessly from strategy to execution and deliver tangible results. Ability to manage multiple priorities. Demonstrated planning and problem-solving skills. Demonstrated analytical and critical thinking skills. Experience analyzing processes, risks, systems, or data. Demonstrated proficiency in project management, team management, and process improvement. Ability to identify needs and take initiative are key requirements.
Additional skills non-mandatory, but valuable for the position:
Personal Skills Requirements and Job Conditions: Minimize risks identified by that area, or any other within the entity. Configuring information security products.
Education and Training: Languages:
Spanish: Native language, otherwise business fluent.
English: Very good Business English required (excellent communication skills).
French: Desirable but not a must.
Salary: Depending on experience.
Job location: Madrid or any other place in the north of Spain.
Expected travel: The initial onboarding phase will be mainly carried out in Logroño, with visits to some of the plants in León or Alava provinces. Afterwards, 1-4 days a month at Headquarters in Logroño.