Security Engineer (full remote)

The company:

Spanish multinational company, GARNICA, that operates all over the world for more than 80 years and is a global leader in the plywood industry. More than 1,200 employees and around 350 M€ revenue.

They will hire the selected candidate as an internal and permanent employee.


Description of the position:

@ Report periodically the status of cybersecurity maturity in the company including managing any

cybersecurity audit.

@ This role will be responsible for support to maintain our corporate wide information security

management program to ensure that information assets are adequately protected.

@ Responsible for operating, managing, and maintaining cybersecurity needs in the Company

considering both IT and OT environments.

Organizational position:

Reporting to the Security & Compliance Manager (placed in Logroño)


Key Responsibilities and tasks:

  1. To report, from a risk-based approach, all cybersecurity risks considering cybersecurity audits.
  2. To maintain all cybersecurity body updated integrating any necessity.
    • Write structured, concise, realistic policies, standards and procedures in English.
    • Keep cybersecurity hygiene aligning with KPIs.
    • Integrate KPIs and maintain patching and hardening of assets.
  3. Handle vendors from cybersecurity perspective.
    • Define new and apply existent KPIs to measure performance
    • Conduct meetings with vendors to review SLAs.
    • Propose improvements to the service.
    • Participate in RFQ processes.
  4. In collaboration with Business Continuity and Disaster Recovery, Risk Management/GRC functions ensure the up-to-date catalogue of critical assets and services is maintained, align on Major Incident Response protocol, prioritize the most critical tasks in scope of Security Incident Response and Vulnerability Management.

Working Experience:

@ Minimum 4-5 years of solid cybersecurity experience with IT and OT environments.


Professional skills:

Mandatory skills:

@ Experience and knowledge on different cybersecurity frameworks and methodologies such as ISO27001, ISO22301, NIST, C2M2, etc.

@ DRP and BCP development and implementation experience.

@ Knowledge of IT and OT infrastructures.

@ Knowledge of network and communication protocols, O365 tools, Active Directory, Azure and operating systems (Windows / Linux).

@ Work experience in a professional environment preferred, including:

  • Experience to move seamlessly from strategy to execution and deliver tangible results.
  • Ability to manage multiple priorities.
  • Demonstrated planning and problem-solving skills
  • Demonstrated analytical and critical thinking skills.
  • Experience analyzing processes, risks, systems, or data.
  • Demonstrated proficiency in project management, team management and process improvement.
  • Ability to identify needs and take initiative are key requirement

Personal Skills Requirements and Job Conditions

Personal skills:

@ Clear decision making, based on indicators, experience, and knowledge.

@ Proactivity for the proposal of new initiatives that could identify, manage, or minimize risks identified by that area, or any other within the entity.

@ Good time management including temperance and analytical and disruptive mind.

@ Ability to learn new technologies and to follow processes with passion for assessing and configuring information security products.

@ Good communication (written & verbal).

@ Capacity to lead 3rd party virtual teams and manage providers and vendors.

Education and Training:

@ Bachelor’s degree in Computer Science, Information Systems, or related field.

@ Desirable Master in Industrial Cybersecurity.

@ OT certifications such as: GISCP, ISA/IEC 62443 are a plus.

@ Security certifications (CISA, CISM, CRISC, ISO 27001 LA) are a plus.


  • Spanish: Native language, otherwise business fluent.
  • English: Very good Business English required (excellent communication skills).
  • French: Desirable but not required.

Salary: Depending on experience.

Job location: Madrid or any other place in the north of Spain.

Expected travel:

Initial onboarding phase will be mainly carried out in Logroño with visits at some of the Plants in León or Alava provinces.

Afterwards, 1-4 days a month to Headquarters in Logroño.


If you are interested, apply here or send an email to including in the subject: ‘Security Engineer’ along with your CV.