Anova is a leading company in Industrial IoT (IIoT) solutions, seeking a Cyber Security Lead to support safe and efficient operations worldwide. The role involves leading cybersecurity initiatives, defining corporate strategies, and ensuring IT infrastructure security while providing technical leadership to teams.
Responsibilities:
- Lead and drive cybersecurity and IT security engineering initiatives end‑to‑end, including scoping, secure architecture design, implementation, validation, and operational hand‑over across on‑prem and cloud environments
- Define, own and continuously evolve the corporate cybersecurity strategy, spanning cloud and infrastructure security, security operations (SOC), vulnerability management, incident response, security awareness, and compliance
- Architect, implement and operate core security capabilities, including Azure security controls, identity and access management, endpoint detection and response (EDR/XDR), SIEM (Microsoft Sentinel), logging, monitoring and alerting
- Develop, measure and report monthly cybersecurity Key Risk Indicators (KRIs) and performance metrics to the Executive Committee, translating technical security signals into business‑level risk, impact and recommended actions
- Serve as primary incident commander during cybersecurity incidents, leading detection, containment, eradication, recovery and post‑incident root‑cause analysis and lessons learned
- Ensure IT infrastructure, applications and cloud platforms are designed and operated with appropriate preventive, detective and corrective security controls to reduce risk to an acceptable level
- Oversee ongoing security awareness and phishing‑resilience programs, aligned to evolving adversary tactics, techniques and procedures (TTPs)
- Perform and coordinate risk assessments, threat modelling, penetration tests and security testing, driving remediation plans and tracking closure with technical and business owners
- Define, implement and maintain security policies, standards and procedures, aligned with ISO/IEC 27001 and applicable regulatory requirements (NIS2, CRA, RED, GDPR)
- Maintain and continuously improve the Information Security Management System (ISMS) to sustain ISO/IEC 27001 certification, including internal audits and support for external surveillance and certification audits
- Oversee Disaster Recovery and Business Continuity planning, testing and continuous improvement in partnership with IT and business stakeholders
- Provide hands‑on technical leadership and mentorship to system administrators, developers and product managers on secure architecture, DevSecOps practices and secure‑by‑design principles
- Manage relationships with security vendors, MSSPs, penetration testers and relevant authorities, ensuring services deliver measurable security outcomes
- Stay current on emerging threats, vulnerabilities, attack techniques, security technologies and regulatory developments, proactively advising leadership on risk and investment priorities
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology or a related field
- 8+ years of progressive experience in cybersecurity and IT infrastructure, including at least 3 years in a technical‑lead or project‑lead role
- Demonstrated success leading complex, multi‑disciplinary cybersecurity engineering initiatives from design through production
- Strong written and verbal communication and presentation skills in English (Portuguese a plus), with the ability to brief executives and influence non‑technical stakeholders
- Hands‑on expertise in cloud and enterprise security architectures, including Microsoft Azure security controls, SIEM and SOC technologies (Microsoft Sentinel, EDR/XDR), and identity and access management (Active Directory / Entra ID)
- Experience analyzing and responding to security telemetry (IOCs, vulnerability scans, logs, alerts and threat intelligence) to triage incidents and identify systemic security issues
- Experience designing and delivering security awareness and phishing‑resilience programs
- Solid understanding of risk management, security governance and control frameworks, with the ability to balance security, usability and business needs
- Lead Implementer or Auditor experience with ISO/IEC 27001 or SOC 2 Type II
- Working knowledge of EU cybersecurity regulations and directives, including NIS2, Cyber Resilience Act (CRA) and Radio Equipment Directive (RED), particularly for IIoT environments
- Professional certifications such as CISSP, CISM, CISA, Azure Security Engineer Associate, CCSP, or equivalent
- Proficiency in scripting and automation (Python, PowerShell, Bash) for security operations, data analysis and control automation
- Experience securing containerized and cloud‑native workloads, including Kubernetes, CI/CD pipelines, IaC, GitOps and automated SAST/DAST within enterprise DevSecOps programs
- Hands‑on experience with the Microsoft security ecosystem, including Azure, Defender, Sentinel and related platforms