IT Compliance Manager
ESP - FERROVIAL - HQ RdL (Madrid), Spain
Ferrovial
Are you ready to elevate your career with a global leader in infrastructure, solving complex problems and generating a positive outcome on people’s lives? At Ferrovial, we are not just a company; we are a community of innovators and trailblazers. Listed on three major stock markets: Nasdaq (US), Euronext Amsterdam (Netherlands) and IBEX 35 (Spain), we are also a member of the Dow Jones Sustainability Index and FTSE4Good. We operate in more than 15 countries and have a workforce of over 24,000 professionals worldwide.
Ferrovial’s activity is carried out through our business units, including Highways, Airports, Construction, and Energy. Our corporate organization oversees business activities, providing strategic planning, communication, legal, finance and human resources services to the business units. As a member of our corporate organization, you will have a broad view of our company, further supporting your career development.
Why Ferrovial?
- Global presence, local impact: Be part of a company that is shaping the future of infrastructure worldwide, with challenging roles and projects that make a real difference.
- Collaborative excellence: Work alongside talented professionals in a collaborative environment where your ideas and contributions are valued.
- Diverse and inclusive culture: Thrive in an innovative and respectful workplace that celebrates cultural diversity and fosters creativity.
- Career growth: Benefit from global and cross-business unit mobility, with development processes designed to ensure your professional growth.
- Compelling benefits and employee wellbeing: Enjoy a comprehensive benefits package that rewards your hard work and dedication and take advantage of initiatives designed to support your physical and psychological health.
- Productivity tools: Utilize cutting-edge tools like Microsoft Copilot to enhance your productivity and efficiency.
Job Description:
The IT Compliance Manager will lead the planning and execution of assurance and advisory engagements related to IT compliance. This includes coordinating the dedicated workstream in the SOX program, overseeing the work of outsourced assurance providers, and ensuring timely completion of deliverables.
Responsibilities:
- SOX IT Program Management: Manage a dedicated workstream within global SOX IT operations across Ferrovial, encompassing all relevant companies and business units.
- Documentation and Control Framework: Oversee the improvement and maintenance of Risk & Control Matrices, Flowcharts, and Narratives for in-scope applications. Ensure the completeness of documentation within the GRC tool, covering ITGCs, ITACs, IPEs, applications, and other key SOX assets.
- Risk Assessment and Control Identification: Conduct application risk assessments to identify key and non-key controls.
- Audit Support: Provide support to IT teams during Internal Audit's continuous audit program and external SOX audits.
- Remediation Management: Coordinate the definition, implementation, and follow-up of remediation plans for in-scope elements (ITGCs, ITACs, and IPEs) resulting from audits, organizational changes, IT environment modifications, etc.
- Cross-Functional Collaboration: Coordinate communication with other areas (e.g., Cybersecurity, Finance) to align the internal control approach.
- Process Improvement and Cost Optimization: Identify opportunities to increase efficiency and/or optimize costs associated with SOX compliance efforts.
- Training and Education: Provide ongoing education to process owners on compliance with SOX regulations and company finance and information systems policies.
- Digitalization and Automation: Contribute to the internal digitalization and automation of SOX-related processes. Coordinate the implementation of an evidence automation strategy and specific tools to reduce manual effort.
- Risk Management: Review and evaluate the IT risk map and promote a plan to mitigate data risks in the short, mid, and long term. Ensure compliance with internal audit recommendations on IT processes and departments.
- Regulatory Monitoring: Stay abreast of new regulatory changes and assess their impact on the business.
- Reporting and Documentation: Consolidate reports and establish a consistent and unified approach for the collection and presentation of evidence and documentation.
Requirements:
- Bachelor's degree in Computer Science or Finance with 5-8+ years of experience in SOX IT compliance/assessment projects, either as part of audit engagement teams or in SOX IT advisory engagements. At least 2 years of experience at a Big 4 accounting firm is required.
- Experience implementing a SOX IT program is a plus.
- Strong knowledge of a wide range of technologies (applications, infrastructure, networking, IT management controls). Experience with SAP and Archer is preferred.
- Knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001, NIST CSF, etc.).
- Solid understanding of SOX compliance requirements, including PCAOB requirements.
- Understanding of business processes (e.g., Order to Cash, Procure to Pay, Financial Reporting, etc.) and audit and internal control testing techniques.
- Detail-oriented, self-motivated, and flexible with strong prioritization skills. Ability to multi-task and work in a fast-paced, global, team-oriented environment, managing various stakeholders at different levels.
- Excellent project management and communication skills.
- Professional qualification such as CISA, CIA, CISM, ISO 27001 Lead Auditor, or equivalent is an asset.
- Ability and willingness to travel up to 20% annually.
- Fluency in English and Spanish is required.
Seize the challenge. Move the world together! Innovative, creative, respectful, and diverse are some of the ways we describe ourselves. We are motivated by challenges, and we collaborate across our business units to move the world together. Your journey to a fulfilling career starts here!
Ferrovial is an equal opportunity employer. We treat all job applications equally, regardless of gender, color, race, ethnicity, religion, national origin, age, disability, pregnancy, sexual orientation, gender identity and expression, covered veteran status or protected genetic information (each, a “Protected Class”), or any other protected class in accordance with applicable laws.
#WeAreFerrovial
Tags: Audits Automation CIA CISA CISM Compliance Computer Science Finance ISO 27001 Monitoring NIST Risk assessment Risk management SAP SOX Strategy
Perks/benefits: Career development Equity / stock options Health care