Cybersecurity, TISO and Data Protection Lead Engineer

Descrizione del lavoro:

MISSION
Belonging to the Operations Engineering team and reporting to the SCADA, Comms and Cybersecurity Principal Manager, the Cybersecurity, TISO and Data Protection Lead Engineer will be responsible for implementing and deploying the necessary tools, controls and checks to ensure that the cybersecurity defence, the information security and the Data Protection systems are operating as designed as well as delivering the requirements of the local regulation and the Company strategy initiatives, risk management, third-party party assurance, disaster recovery and vulnerability management.

The individual will be working as part of a global business with activities in many countries worldwide, although with the main focus on the offshore windfarms in Continental Europe.

RESPONSIBILITIES AND FUNCTIONS
* The individual will deploy the role of TISO (Technical Information Security Officer) for the Offshore assets in Continental Europe.
* Identify the Critical Systems, their owners and custodians, the assurance initiatives to be carried out, and lead the corresponding action plans.
* Establish, support, and coordinate cybersecurity action plans with the IEI CISO and BISOs (IEI and UK).
* Responsible for monitoring infrastructure, risk map, metrics, assurance map, follow-up reports, and management model.
* Coordinate with GIRT (Global Information Response Team), SIRT (Security Information Response Team), and local OIRTs (Operational Information Response Teams) in the event of cyber incidents.
* Responsible for training and raising cybersecurity awareness within the organization.
* Responsible for organizing both internal and external information security and cybersecurity audits. Define and implement the necessary actions to ensure compliance with corporate and business guidelines.
* Responsibilities of the role include, but are not limited to, understanding and delivering the requirements of local regulatory and global cybersecurity initiatives, risk management, third-party party assurance, disaster recovery and vulnerability management.
* Performing compliance checks on various monitoring and defence systems to ensure cyber security controls are operating as designed.
* Proposing solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
* Acting as the main point of contact in the Continental Europe Offshore O&M Hub for anything cybersecurity related
* Leading and managing any audits that arise both internally and externally and collect evidence to demonstrate compliance with reviewed requirements.
* Providing offshore O&M cybersecurity requirements into future project designs and third-party maintenance and supply contracts in order to ensure that assets are delivered to a business and regulatory standard and prepared for the O&M phase.
* In terms of Data Protection, responsible for implementing, through the role of Data Protection Manager, the necessary actions to ensure compliance with corporate, business, and regulatory guidelines by interacting with the country DPOs and the IEI DPO, as part of the scope of responsibility
* Maintaining coordination and sharing of best practice with other Iberdrola businesses and with the cybersecurity governance groups.
* Coordinating the cybersecurity strategies with the other Offshore O&M Hubs (UK and USA) so that uniformed, global and standardized solutions are implemented.
* Prepare Scope of Works and Suppliers Technical Evaluations, playing and active role during the procurement processes to make sure that the most technically qualified providers are selected.
* Manage efficiently the maintenance contracts which he/she is responsible for, striving to reduce the maintenance costs and contributing to maximize the business EBITDA.
* Interact with the wider business including onshore O&M, project services, the Technology Information Security Officer (TISO), business information security officer (BISO) and regulatory bodies as long as it is required.
* Coordinate and manage the individuals within the Cybersecurity team and the Data Protection Manager that report to this position

PROFILE/REQUIREMENTS
* Degree in relevant maths, engineering or Physical Science discipline with considerable knowledge and experience in Cybersecurity.
* Knowledge and awareness of security standards including ISO 27000 series and ISA/IEC 62443 series.
* Knowledge and awareness of the NIS 2 Regulations and equivalent European legislation
* Experience in managing cyber security audits and collecting evidence to demonstrate compliance with reviewed requirements such as ISO27001, CAF, NIS 2, among others.
* Knowledge of cyber security tools (such as EDR / EPP, SIEM / SOAR, Firewalls, IDS / IPS, Secure Remote Access, Switching & Routing etc.)
* Understanding and experience of SCADA control concepts and applied practical experience of industrial control systems such as Protection and Control and Distributed Control Systems in the power generation industry.
* Highly IT literate.
* Experience and understanding of technical due diligence.
* Significant experience in engineering industry.
* Sound planning and analysis skills with the ability to look forward and see / anticipate problems and thereafter plan and implements mitigating solutions to negate the effect of such problems.
* Effective communication and interpersonal skills.
* Developed report writing, presentation skills and ability to summarize a parameters and drivers impacting the scope of works.
* Good organizational and operational skills with the ability to link this awareness to technical judgement and decision making.
* Ability to support the management of a scope of works which require interface and coordination.
* Advice on the impact of technical/ specialist risks and issues and the viability of solutions recommended.
* Problem solving - dealing with conflicting requirements and overcoming obstacles.
* Capacity to work within an international and multicultural team.
* Flexible to travel around Europe and overseas.
* Languages: English: high level.

DESIRABLE SKILLS
* Industry recognized qualifications such CISA, CISM, CISSP or any SANS certifications.
* Other useful languages: German, French, Spanish.

WHAT WE OFFER

* Global leader in green energy: Actively contribute to the energy transition.
* Career development: Diverse training opportunities and long-term growth prospects.
* Language courses: German, English, and Spanish.
* Mobility: Subsidy for the Germany Ticket (BVG).
* Rechargeable benefit card, tax-free
* Employee discounts: Attractive offers from partners in retail, travel, and more.
* Compensation: Performance-based salary that values your contribution.

Mobility Information
Please note that any applicant who is not a citizen of the country of the vacancy will be subject to compliance with the applicable immigration requirements to legally work in that country.

Job Posting End Date:April-1-2026