- Senior
- Optional office in Barcelona
We are the Intelligent Internet Platform. We connect People, Places and Things anywhere, managing Internet Performance better than anyone else, while providing One Global Experience, giving Visibility, Control and Security through expereoOne.
Expereo believes in the power of Internet connectivity. As the world's largest provider of managed internet, SD-WAN/SASE, and Cloud connectivity solutions, we power enterprises and government sites worldwide, helping to enhance every business' productivity with flexible and optimal Internet performance.
As a trusted partner of Fortune 500 enterprises, our continued aim and success in helping our customers and partners depends solely on the talented individuals who make Expereo a dynamic, effective, multicultural, and equitable environment.
About the role
Reports to: Chief Digital Officer (with quarterly Audit/Risk committee updates)
The Enterprise & Network Security Director (“ENS”) is responsible for developing and implementing a holistic security strategy of the Expereo Enterprise Organization and the Network Products and Services delivered to its customers. This includes corporate IT, cloud application devops, compliance frameworks, and the global network installed base that underpins our services. The ENS Director leads teams across Enterprise IT security, Cloud Security, Network/ISP Security, Compliance, and Security Operations — ensuring resilience, trust, and regulatory alignment across the organization and customer offerings.
This role also involves managing a team of security professionals, collaborating closely with Platform Engineering, Product, IT and Network Ops, HR, and Legal/DPO, as well as senior leadership. Most importantly, while strategic in nature, this role requires a hands-on approach.
Key Responsibilities
- Define and execute the end-to-end security strategy covering Enterprise, Cloud Applications, and Network domains; represent cybersecurity posture to management, regulators, auditors and key customers.
- Lead and mentor cross-functional security teams (Enterprise IT SecOps, Cloud Security, Network Security, Compliance, Identity).
- Oversee global security policies, risk management, and regulatory alignment (ISO27001, SOC2, GDPR, NIS2/DORA, Telecom-specific regulations).
- Ensure security is embedded in product/service lifecycles (Internet access, SD-WAN, SASE, NaaS) and that they are secure by design and meet customer and industry expectations.
- Drive vendor/partner risk management and customer assurance processes.
- Conduct regular risk assessments, vulnerability tests, and threat analysis to identify and mitigate security risks.
- Work with IT teams to ensure security of endpoints, servers, internal infrastructure, and enterprise IT systems.
- Own cloud security posture management, key rotation, least privilege, and baseline hardening for AWS (API Gateway, Cognito, IAM SigV4, EventBridge, etc.).
- Drive strong authentication, device posture, PAM, and customer federation; standardise scopes/claims for external APIs.
- Own security of backbone, edge, peering, and transit/last-mile networks.
- Oversee network defences (DDoS, BGP/RPKI validation, DNS/DNSSEC, etc.).
Requirements
- 10+ years of experience in cybersecurity, with proven leadership of multi-domain security functions (Enterprise IT, Cloud, Networks, Compliance).
- Professional certifications (CISSP, CISM, CCSP, CCNP Security, or equivalent).
- Strong communicator with credibility at executive, technical, and regulatory levels, and a customer-focused mindset with emphasis on trust, resilience, and service assurance.
- Information Security & Compliance Expertise: Deep knowledge of ISO 27001, SOC 2 Type II, NIS2, and DORA regulations, with experience leading audits and closing compliance gaps.
- Security Architecture & Engineering: Proficiency in secure SDLC practices, application security tooling (SAST/SCA/DAST), cloud security (CSPM/CIEM/CNAPP), and infrastructure hardening.
- Incident Detection & Response: Strong skills in threat detection, SIEM/SOAR, incident response, and achieving low MTTD/MTTR; experience with purple teaming and tabletop exercises.
- Network Security: Understanding of routing security principles (BGP/RPKI), network segmentation, and DDoS mitigation.
- Identity Management: Implementing zero-trust / password-less solutions.
- Risk Management & Vendor Security: Ability to assess third-party risk, enforce contract controls, manage remediation, and provide continuous monitoring for key suppliers.
- Strategic yet hands-on leader is a must — able to set vision and oversee day-to-day operations.
Benefits
- Private Healthcare Plan
- Pension Plan
- Life Assurance
- Hybrid working
- 25 days Holiday
- Annual Company Bonus
Beyond the Job
We’re proud of our focus on Environment, Social and Governance as well as the passion we display for the communities where we live and work.
EEO (Equal Employment Opportunities) Statement:
Expereo is an Equal Opportunities employer who aims to support and celebrate every employee that comes through our doors. We respect and support all of our people regardless of background, religion, nationality, sexual orientation, age, or physical condition.