Cyber Security Lead
Location: Remote in Portugal or Hybrid in Porto or Coimbra office
Bring your unique talents and experience to the market leader in Industrial IoT (IIoT) solutions and grow your passion into a rewarding profession, making a measurable and mission-critical impact in a dynamic role and workplace where we support your success, when you join our global (and growing!) team as the Cyber Security Lead @Anova.
Key Responsibilities
* Lead and drive IT&Cybersecurity engineering projects end‑to‑end (scoping, design, implementation, validation and operational hand‑over).
* Create and own the corporate cybersecurity strategy, including the compliance, vulnerability management, security operations and cybersecurity awareness program.
* Develop, measure and report monthly cybersecurity Key Risk Indicators (KRIs) and performance metrics to the Executive Committee, translating technical topics into business‑oriented language and recommended actions.
* Design, deliver and oversee ongoing security awareness and phishing‑resilience campaigns tailored to evolving adversary tactics, techniques and procedures (TTPs).
* Define, implement and maintain security policies, standards and procedures aligned with ISO/IEC27001, relevant EU directives and regulations (NIS2, CRA, RED, GDPR).
* Perform and coordinate risk assessments, threat modelling, penetration tests and security audits; manage remediation plans and track closure.
* Serve as primary incident commander during cybersecurity incidents, ensuring timely containment, eradication, recovery and root‑cause analysis.
* Ensure IT infrastructure, applications and cloud environments have adequate preventive, detective and corrective controls to reduce risk to an acceptable level.
* Maintain and improve the Information Security Management System (ISMS) to sustain ISO/IEC27001 certification, including planning and executing internal audits and supporting external surveillance audits.
* Oversee Disaster Recovery and Business Continuity planning, testing and continuous improvement.
* Mentor and provide technical leadership to system administrators, developers and product managers on secure design, DevSecOps and security best practices.
* Manage relationships with security vendors, MSSPs and relevant authorities.
* Stay abreast of emerging threats, vulnerabilities, technologies and regulatory requirements, making recommendations to leadership as appropriate.
Mandatory Qualifications & Competencies
* Bachelor’s degree in computer science, Cybersecurity, Information Technology or a related field.
* 8+ years of progressive experience in IT infrastructure and cybersecurity, including at least 3 years in a project‑lead or technical‑lead capacity.
* Demonstrated success leading multi‑disciplinary cybersecurity engineering projects from inception to completion.
* Outstanding written & verbal communication and presentation skills in English (Portuguese a plus); proven ability to brief executives and non‑technical stakeholders.
* Hands‑on expertise in cloud security architecture (Azure), SOC Technologies (EDR, XDR and SIEM) and Identity management (Active Directory/EntraID).
* Experience building and delivering security awareness programs and materials.
* Ability to analyze complex technical data (IOC’s, vulnerability scans, logs, threat intelligence), triage and remediate incidents and identify systemic security issues and trends.
* Good knowledge of risk management and security governance processes.
Nice‑to‑Have
* Lead Implementer/Auditor experience with ISO/IEC27001 or SOC2 Type II security standards.
* Working knowledge of EU cybersecurity regulations and directives, specifically NIS2, CyberResilienceAct (CRA) and Radio Equipment Directive (RED) for IIoT.
* Professional certifications such as CISSP, CISM, CISA, AzureSecurity Engineer Associate, CCSP, or similar.
* Proficiency in scripting languages (Python, PowerShell, Bash) and data analysis for automation and handling of technical data.
* Expertise securing containerized workloads and Kubernetes clusters, embedding security controls into CI/CD pipelines (IaC, GitOps, automated SAST/DAST) and orchestrating enterprise‑wide DevSecOps programs.
* Hands-on experience with Microsoft security stack and platforms.
Why ANOVA?
We are very proudly one ANOVA.
From family businesses to the largest LPG, Industrial Gasses, and Chemicals companies in the world,
ANOVA monitors more than 1,000,000 assets across nearly 80 countries for over 2000 clients.
Our scale is global. Our service is local.
We partner directly with customers and take a holistic approach, integrating the best in IIoT technology
and expertise, driving continuous improvement and innovation, and delivering tailored solutions that make
our world more safe, efficient, and reliable.
Rewarding work that rewards you.
Your work, integrity, and commitment are rewarded through competitive compensation and reward
strategies, through sincere appreciation, and through opportunities for growth and advancement at
ANOVA. From health and finance to recognition and reward (and more!) — we've got you covered.
— Benefits based on inclusive best practices.
— People putting people first.
— Work that works for you
#J-18808-Ljbffr