
Join Ferrovial: Where Innovation Meets Opportunity
Are you ready to elevate your career with a global leader in infrastructure, solving complex problems and generating a positive outcome on people’s lives? At Ferrovial, we are not just a company; we are a community of innovators and trailblazers. Listed on three major stock markets: Nasdaq (US), Euronext Amsterdam (Netherlands) and IBEX 35 (Spain), we are also a member of the Dow Jones Sustainability Index and FTSE4Good. We operate in more than 15 countries and have a workforce of over 24,000 professionals worldwide. Ferrovial’s activity is carried out through our business units, including Highways, Airports, Construction, and Energy.
Our Corporate organization oversees business activities, providing strategic planning, communication, legal, finance and human resources services to the business units. As a member of our corporate organization, you will have a broad view of our company, further supporting your career development.
Why Ferrovial?
Global presence, local impact: Be part of a company that is shaping the future of infrastructure worldwide, with challenging roles and projects that make a real difference.
Collaborative excellence: Work alongside talented professionals in a collaborative environment where your ideas and contributions are valued.
Inclusive culture: Thrive in an innovative and respectful workplace that values every voice, celebrates what makes us unique and turns differences into innovation.
Career growth: Benefit from global and cross-business unit mobility, with development processes designed to ensure your professional growth.
Compelling benefits and employee wellbeing: Enjoy a comprehensive benefits package that rewards your hard work and dedication and take advantage of initiatives designed to support your physical and psychological health.
Productivity tools: Utilize cutting-edge tools like Microsoft Copilot to enhance your productivity and efficiency.
Job Description
About the Role
We are looking for a GRC Senior Specialist with strong expertise in Segregation of Duties (SoD), SAP authorization models and GRC controls across SAP ECC/R3 and S/4HANA environments. The role ensures robust access governance, regulatory and SOX compliance, and effective risk management in a highly regulated and complex environment. You will lead the SoD program, design and maintain SAP roles and permissions, support audits, and enhance security using AI-driven techniques for role mining, SoD automation and anomaly detection. English fluency (C1+) is required.
Key Responsibilities
Lead GRC and SoD initiatives aligned with business and compliance requirements.
Define and implement the SAP Access Model and maintain a least-privilege authorization framework.
Own the SoD ruleset: analyze conflicts, simulate changes and drive remediation and mitigating controls.
Strengthen GRC controls including access governance, workflows and emergency access management.
Ensure SOX compliance, maintain documentation, support audit processes and ensure complete audit trails.
Use AI tools (role mining, clustering, anomaly detection) to optimize role design, SoD testing and provisioning automation.
Govern the user access lifecycle, perform periodic access reviews and collaborate with SAP Basis, functional teams and business role owners.
Investigate access-related incidents, including firefighter usage and suspicious access patterns.
Maintain policies, procedures, naming standards and SoD exception handling guidelines.
Develop dashboards and KPIs on risk posture, SoD trends and provisioning performance.
Collaborate with Finance, Internal Audit and External Audit.
Support integrations, APIs, data migrations and deployments, including SAP–SailPoint integration.
Qualifications
Degree in Computer Science, Engineering, IT or related fields.
Highly valued certifications: CISA, CISM, CISSP, CPP, PMP.
10+ years of experience in complex cybersecurity environments within large international organizations.
Strong hands‑on expertise in SAP authorization models, SoD management and GRC controls.
Experience designing and improving security strategies, governance and risk management frameworks.
Knowledge of SOX, GDPR, ISO 27001 and NIST frameworks.
Experience identifying and managing risks derived from compliance, technology and regulatory requirements.
Background in security incident management, business continuity, cyber intelligence, audits and security reviews.
Experience with AWS, Azure or Google Cloud security implications.
Strong communication, stakeholder management and negotiation skills; English C1+.
Ability to innovate, multitask and solve problems in fast‑paced environments.
Seize the challenge. Move the world together!
Innovative, creative, respectful, and diverse are some of the ways we describe ourselves. We are motivated by challenges, and we collaborate across our business units to move the world together. Your journey to a fulfilling career starts here!
Ferrovial is an equal opportunity employer. We treat all job applications equally, regardless of gender, color, race, ethnicity, religion, national origin, age, disability, pregnancy, sexual orientation, gender identity and expression, covered veteran status or protected genetic information (each, a “Protected Class”), or any other protected class in accordance with applicable laws.
#WeAreFerrovial