Are you ready to elevate your career with a global leader in infrastructure, solving complex problems and generating a positive impact on people’s lives? At Ferrovial, we are not just a company; we are a community of innovators and trailblazers. Listed on three major stock markets: Nasdaq (US), Euronext Amsterdam (Netherlands) and IBEX 35 (Spain), we are also a member of the Dow Jones Sustainability Index and FTSE4Good. We operate in more than 15 countries and have a workforce of over 24,000 professionals worldwide. Ferrovial’s activity is carried out through our business units, including Highways, Airports, Construction, and Energy.
Our Corporate organization oversees business activities, providing strategic planning, communication, legal, finance and human resources services to the business units. As a member of our corporate organization, you will have a broad view of our company, further supporting your career development.
Why Ferrovial?
- Global presence, local impact: Be part of a company that is shaping the future of infrastructure worldwide, with challenging roles and projects that make a real difference.
- Collaborative excellence: Work alongside talented professionals in a collaborative environment where your ideas and contributions are valued.
- Inclusive Culture: Thrive in an innovative and respectful workplace that values every voice, celebrates what makes us unique and turns differences into innovation.
- Career growth: Benefit from global and cross-business unit mobility, with development processes designed to ensure your professional growth.
- Compelling benefits and employee wellbeing: Enjoy a comprehensive benefits package that rewards your hard work and dedication, and take advantage of initiatives designed to support your physical and psychological health.
- Productivity tools: Utilize cutting-edge tools like Microsoft Copilot to enhance your productivity and efficiency.
About the Role
We are looking for a GRC Cybersecurity Senior Specialist with deep expertise in SOX IT General Controls (ITGCs), Segregation of Duties (SoD), SAP authorization models and GRC controls across SAP ECC/R3 and S/4HANA environments. SAP access governance expertise and SOX compliance are core pillars of this role. You will work hand-in-hand with Internal/External Audit, Internal Control and IT Compliance to ensure appropriate design, execution and documentation of ITGCs. Beyond SOX, the role ensures robust access governance, regulatory compliance and effective risk management in a complex international environment. You will also lead the SoD program and define SoD remediation strategies. You are also expected to use AI-driven techniques to automate or optimize the execution of controls, for role mining, SoD automation and anomaly detection. English fluency (C1+) is required.
Key Responsibilities
- Lead GRC and SoD initiatives aligned with business and compliance requirements.
- Own the SoD ruleset: analyze conflicts, simulate changes and drive remediation and mitigating controls.
- Strengthen GRC controls including access governance, workflows and emergency access management.
- Oversee the implementation of SAP access management controls including the SAP roles and authorization model.
- Ensure SOX compliance, maintain documentation, support audit processes and ensure complete audit trails.
- Coordinate ITGC walkthroughs, respond to audit requests, track findings and drive timely deficiency closure to protect the annual audit opinion.
- Use AI tools (role mining, clustering, anomaly detection) to optimize control execution, evidence generation and review, SoD remediation, etc.
- Support projects, integrations, APIs, data migrations and deployments, including the S/4HANA transformation and integration with SailPoint (Identity Management) and Pathlock (SoD and EAM).
- Govern the user access lifecycle, perform periodic access reviews and collaborate with SAP Basis, functional teams and business role owners.
- Investigate access-related incidents, including firefighter usage and suspicious access patterns.
- Maintain policies, procedures, naming standards and SoD exception handling guidelines.
- Develop dashboards and KPIs on risk posture, SoD trends and provisioning performance.
- Collaborate closely with Finance, Internal/External Audit, Internal Control and Compliance to align IT controls with financial process risks, support SOX scoping decisions and provide timely, accurate evidence for all audit requests.
Qualifications
- Degree in Computer Science, Engineering, IT or related fields.
- Highly valued certifications: CISA, CISM, CISSP, CPP, PMP, SAP Certifications.
- 7+ years of experience in complex cybersecurity environments within large international organizations.
- Strong hands-on expertise in SAP authorization models, SoD management and GRC controls.
- Experience in S/4HANA transformations.
- Proven track record managing full SOX audit cycles in publicly listed or US-listed companies: scoping, control design, walkthroughs, evidence collection, deficiency classification and remediation sign-off with external auditors.
- Experience designing and improving security strategies, governance and risk management frameworks.
- Familiar with GDPR, ISO 27001 and NIST frameworks.
- Experience identifying and managing risks derived from compliance, technology and regulatory requirements.
- Background in security incident management, business continuity, cyber intelligence, audits and security reviews.
- Experience using AI for automation of repetitive tasks.
- Experience with AWS, Azure or Google Cloud security implications.
- Strong communication, stakeholder management and negotiation skills; English C1+.
- Ability to innovate, multitask and solve problems in fast-paced environments.
Seize the challenge. Move the world together! Innovative, creative, respectful, and diverse are some of the ways we describe ourselves. We are motivated by challenges, and we collaborate across our business units to move the world together. Your journey to a fulfilling career starts here!
Ferrovial is an equal opportunity employer. We treat all job applications equally, regardless of gender, color, race, ethnicity, religion, national origin, age, disability, pregnancy, sexual orientation, gender identity and expression, covered veteran status or protected genetic information (each, a “Protected Class”), or any other protected class in accordance with applicable laws.
#WeAreFerrovial