OT Security Engineer (Madrid)

The company: our customer is a Spanish multinational based in Madrid, that operates all over the world for more than 60 years and is one of the leading producers of food products. More than 12,000 employees and around 2.000 M€ revenue.

They will hire the selected candidate as an internal and permanent employee.

Purpose of the function:

Define the OT Strategy, Governance & Guidelines; identify and evaluate the security gaps in the Industrial Control Systems (ICS), subsequently driving the design and implementation of the solutions to mitigate the installations’ security exposure. The role will provide IoT/OT Cybersecurity capabilities to the existing security practices.


Key Responsibilities and tasks:

  • OT Strategy, Governance & Guidelines:
    • Define guidelines and strategies and adapt the regional policies and procedures for the proper OT risk management Governance considering the regional necessities in terms of OT and ensuring the adaption if needed.
    • Establish the principles of Information Security throughout their Operational Technology (OT) Program.
    • Define and develop the OT Security assessment methodology.
    • Asset the Inventory Control and System Management ensuring the correct logical access to these assets.
    • Perform the analysis of the Architecture and Infrastructure of Industrial Control Systems (SCADA / DCS / IIoT) in terms of Cybersecurity.
    • Design the cybersecurity solutions for Industrial Control Systems.
    • Develop ICS Control Frameworks, based on industry best practices as well as international and applicable national standards.
  • OT Installations Managers’ follow-up:
    • Follow up the OT Cybersecurity on different installations/plants through the Installation Managers and report to the Europe CISO.
    • Analyze the information provided by the different installation managers and create aggregated reports to visualize the OT Europe status.
    • Register and collect evidences in case of an OT incident and classify the incident according to their severity.
  • Risk assessment and reporting to CISO:
    • Define and monitor the OT related threats, vulnerabilities and risks.
    • Define OT metrics and establish a consolidated view of the OT status for a correct risk management and monitoring.
    • Report risks and OT status to the Europe CISO.
    • Scale, respond and communicate the OT Security incidents.                                                                                                                                                                                                   

Working Experience and knowledge:

  • Minimum of 5 years working in emerging information security disciplines (e.g. mobile security, cloud security, IoT security, SCADA / industrial control systems security, etc.).
  • Demonstrated experience working with OT Security.
  • Demonstrated experience working with security solutions for ICS/SCADA and industrial control systems.
  • Experience in vendor-related contract reviews and legal processes.
  • Strong understanding of common best practices, frameworks and regulations (NIST 800-53, ISO 27001, ISA99/IEC62443, etc.).
  • Broad knowledge across all relevant facets of a holistic, modern cybersecurity program, including strong understanding of current and emerging trends and threats derived from IoT.
  • Demonstrated track record of efficient, scaled delivery with small teams, directly taking on and providing deliverables with limited resources, including standing up capabilities ground-up.


Specific skills:

  • Excellent customer service attitude.
  • Well-developed problem-solving skills.
  • Strong communication skills (written and verbal) allowing them to communicate with both technical and non-technical audiences.
  • Project management skills: financial/budget management, scheduling and resource management.
  • Broad knowledge across all relevant facets of a holistic, modern cybersecurity program, including strong understanding of current and emerging trends and threats.
  • Ability to support comprehensive RFPs, addressing all compliance and regulations-related issues.
  • Availability to solve unexpected incidents or problems related to the job position.


Personal Skills Requirements and Job Conditions

 Job location: Madrid, European nationality otherwise EU/Spain work permit required as a prerequisite.

Willing to travel when needed.

Education and Training:

  • Bachelor’s degree in Information Security, Computer Science, Management of Information Systems or related field.
  • Master’s degree in security/engineering, computer science or business information systems is preferred.
  • Vendor independent security certifications (e.g. CISA, CRISC, CISSP, CEH, …).


Fluent in Spanish and English languages is essential.

Organizational position: Reporting to CISO (located in Madrid).

Employment Type: Permanent Full Time.

Salary: Depending on experience.

If you are interested, please send us an email to OT@montareloconsulting.com including in the subject: ‘OT Security Engineer’ along with your CV in English.