Chief Information Security Officer (Project CISO)

Ready to boost sustainable mobility? Join CAF T&E and be part of our mission to lead comprehensive sustainable mobility projects that connect the present with a safe and sustainable future.

If you're looking for a professional experience that allows you to work managing information security, providing leadership to ensure the confidentiality, integrity, and availability of the company's information assets...

This offer will interest you!

When you join CAF T&E, you will find:

Opportunities for international career development in comprehensive railway infrastructure projects alongside leading industry professionals.
Benefits that allow for better personal, family, and work-life balance: flexible working hours, a hybrid telework model, and intensive workdays on Fridays and during the summer.
Flexible compensation: private medical insurance, meal vouchers on days you go to the office, telework support, among others.
Volunteer program: if you are interested in contributing to society by supporting social agents in the third sector, we encourage you to do so by exchanging hours from your workday.
An organization committed to equal opportunities, as we believe diversity is a strength. We work to create an inclusive work environment, ensuring non-discrimination based on sex, age, color, religion, disability, sexual orientation, or gender identity in all our Human Resources policies. We make our hiring decisions based on your experience and skills.

The Chief Information Security Officer (CISO)/Information Security Manager will be responsible of the cybersecurity of IT and OT solutions during all phases of the Project.

Main Functions and Responsibilities:
ENGINEERING:
Requirement Management: Analysis, extraction from tender docs, insertion of new ones from internal policies or regulations, assignment to subsystems and compliance monitoring.
Co-development, internal approval and collaboration in achieving client’s approval of Project's deliverables (Cybersecurity management plan, Cybersecurity general design, Cybersecurity detail design, Cybersecurity risk analysis, Cybersecurity policies, etc.).
Identify the suitable country and sector regulations to be complied with.
Perform a cybersecurity risk assessment and cybersecurity risk management plan.
Subsystem design approval from a cybersecurity compliance perspective.
Support to cybersecurity RFQs development.
Support to cybersecurity providers management.
Main responsible of the development and documentation of the information Security Management System (ISMS).
Audit and collaboration in the requirement compliance validation (T&C).
Support to Information security and cyber protection periodic tests.
Supervise the correction of security vulnerabilities and its fix/patching.

PEOPLE:
Cybersecurity team sizing, collaboration in recruiting and roles & responsibilities co-definition.

MANAGEMENT:
Manage cybersecurity aspects with the client.
Manage information security issues and lead the cyberprotection of the project.
Assimilate and share with the team the working methodology of the project.
Definition and compliance of the cybersecurity plan for the entire Project.