Europe Information & Data Security Manager (Hybrid)

The company: our customer is a Spanish multinational based in Madrid, that operates all over the world for more than 60 years and is one of the leading producers of food products. More than 12,000 employees and around 2.000 M€ revenue.

They will hire the selected candidate as an internal and permanent employee.

Purpose of the function:

As part of the Europe Cybersecurity area, the main purpose of the position is to adapt the Information Security management in Europe based on the guidelines definition and apply the global methodologies. Ensure the correct classification of assets, processes and applications and set the security measures to protect the assets. Also, this area ensures the security of Infrastructure and Architecture, applies the security baselines and monitors the IAM level of compliance

Key Responsibilities and tasks:

• Criticality classification of process /application /asset and information assets
  • Classify and categorize the criticality of processes, applications, and information assets based on the global criteria
  • Establish an inventory with the information required by the global area and ensure its classification
  • Report the status of the quality level of classification of the processes, applications, assets, and information assets, based on the criteria established by the global area
• Information Security
  • Apply the global Information Security management framework ensuring the confidentiality, integrity, and availability of information and its related assets.
  • The regions should:
    • Apply the global methodology to classify the critical processes /applications/information assets based on their impact determined by the framework (confidentiality, availability and integrity)
    • Establish the measures to ensure the protection of the assets based on their classification
• Infrastructure & Architecture Security
  • Apply the security standards established by the global area in the regional technological Architecture
  • Apply the security solutions and measures established by the global area in projects of technological Infrastructure
  • Report the situation to the global area

• Applicative Cybersecurity
  • Apply the security baselines established by the global area within the region (servers, databases, applications…)
  • Report the level of the baseline’s implementation to the global areas
• Identity and Access Management
  • Adopt and apply the global guidelines and standards of the Access and Identity Management Systems
  • Integrate the applications in IAM tools, Password Management, Privileged Users, etc.
  • Report the situation to the global area                                                                                                                                                                                                                            

Working Experience and knowledge:

• 6+ years of multi-disciplinary Information Security and Information Technology experience
• Strong understanding of common best practices, frameworks and regulations (NIST 800-53, ISO 27001, CIS, etc.)
• Demonstrated experience in Cyber Security risks, follow-up on risk treatment plans and monitor their implementation, learn from problems and identify potential for improvements
• Demonstrated track record of efficient, scaled delivery with small teams, directly taking on and providing deliverables with limited resources, including standing up capabilities ground-up
• Experience in vendor-related contract reviews and legal processes

Specific skills:

• Excellent verbal communication skills
• Excellent customer service attitude
• Well-developed problem-solving skills
• Strong communication skills (written and verbal) allowing them to communicate with both technical and non-technical audiences
• Project management skills: financial/budget management, scheduling, and resource management
• Broad knowledge across all relevant facets of a holistic, modern cybersecurity program, including strong understanding of current and emerging trends and threats
• Ability to support comprehensive RFPs, addressing all compliance and regulations-related issues
• Availability to solve unexpected incidents or problems related to the job position

Personal Skills Requirements and Job Conditions

Job location: Madrid, European nationality otherwise EU/Spain work permit required as a prerequisite.

Willing to travel when needed.

Education and Training:

• Bachelor’s degree in Information Security, Computer Science, Management of Information Systems or related field.
• Master’s degree in security/engineering, computer science or business information systems is preferred.
• Vendor independent security certifications (e.g. CISA, CRISC, CISSP, CEH, …)

 Languages:

Fluency in Spanish and English languages is essential.

Organizational position: Reporting to CISO (located in Madrid).

Employment Type: Permanent Full Time.

Salary: Depending on experience.

If you are interested, please apply here or send us an email to data_security@montarelo.com including in the subject: ‘Information & Data Security Manager’ along with your CV in English.