Cybersecurity Specialist

Date: 9 Apr 2026

Location: Cuauhtemoc, Ciudad de México, MX

Company: Sempra Infraestructura

 

SEMPRA INFRAESTRUCTURA

 

Our mission to be the leading energy infrastructure company in North America comes to life every day through our values: doing the right thing, championing people, and shaping the future. As purpose-driven leaders in the energy industry, we facilitate access to a safe and sustainable energy supply that improves lives, inspires people, and opens possibilities everywhere.

 

Join our great team and get energized. Apply for our opening as:

 

Cybersecurity Specialist

 

 

MAIN OBJECTIVE

 

Build a sustainable cybersecurity culture within the organization by designing and delivering targeted security training programs and executing phishing simulation campaigns, with the strategic goal of advancing the awareness program from Level 3 (Awareness & Behavior Change) to Level 4 (Long-Term Sustainment & Culture Change) as defined by the SANS Security Awareness Maturity Model.

  • Measurably reduce human risk across the organization through behavior-driven training interventions informed by phishing campaign data and historical performance metrics
  • Develop relevant, current training content aligned to the active threat landscape affecting the organization's industry and operational context
  • Position cybersecurity as a shared organizational responsibility — embedded across all business areas, not siloed within the technology function
  • Work in close coordination with the U.S.-based Security Awareness counterpart to ensure program consistency, metric alignment, and global standardization

 

 

 

RESPONSIBILITIES

 

Content Design & Development:

  • Design cybersecurity training programs segmented by audience profile: executives, finance teams, general users, technical staff, and remote workers
  • Develop training materials across multiple formats: presentations, e-learning modules, microlearning, videos, infographics, and quick-reference guides
  • Align all content to the active threat landscape, incorporating sector-relevant threat intelligence into training narratives
  • Maintain the annual awareness program calendar, ensuring thematic progression, format variety, and cadence consistency throughout the year

 

Training Delivery:

  • Facilitate in-person and virtual training sessions for diverse audiences across the organization
  • Adapt tone, technical depth, and examples to the profile and risk exposure of each target group
  • Manage session logistics including scheduling, registration, attendance tracking, and post-session evaluation
  • Develop and maintain security awareness content integrated into employee onboarding and role-change processes

 

Phishing Simulation Campaigns:

  • Plan, configure, and execute monthly phishing simulation campaigns following the established approval process (CISO & Management)
  • Select and design templates aligned to defined criteria: historical failure rate, campaign type, psychological hook, threat intelligence alignment, and difficulty tier
  • Analyze campaign results by segment (department, role, privilege level, prior failure history) and produce executive-ready reports
  • Assign and track remedial training modules for users who fail simulations
  • Escalate repeat offenders (2 or more failures within a rolling 12-month period) to Human Resources and the user's direct manager

 

Metrics & Reporting:

  • Maintain program KPIs: failure rate, reporting rate, training completion rate, and longitudinal trend data
  • Contribute to the development and tracking of the organizational Human Risk Score
  • Prepare periodic program reports for the Information Security Manager and executive-level summaries for CISO consumption
  • Document all program activities in the corresponding awareness program registry

 

Culture & Program Management:

  • Identify and develop a Security Champions or cybersecurity ambassador network embedded within business units
  • Collaborate with HR and Internal Communications to integrate security awareness messaging into existing organizational channels
  • Maintain ongoing coordination with the U.S. counterpart to align methodologies, share best practices, and ensure global program consistency
  • Actively participate in periodic maturity assessments of the awareness program against the SANS Security Awareness Maturity Model

 

 

EXPERIENCE AND KNOWLEDGE

 

  • Minimum 3 years of experience in information security functions, with at least 2 years focused on security awareness programs, training delivery, or cybersecurity culture initiatives
  • Demonstrated experience designing and delivering training for non-technical audiences in corporate environments
  • Hands-on experience executing phishing simulation campaigns using specialized platforms (GoPhish, KnowBe4, Proofpoint Security Awareness, Microsoft Attack Simulator, or equivalent)
  • Working knowledge of cybersecurity frameworks: NIST CSF 2.0, ISO 27001, CIS Controls v8
  • Familiarity with the SANS Security Awareness Maturity Model and its level-specific assessment criteria
  • Knowledge of the current threat landscape: social engineering, phishing, BEC, vishing, smishing, quishing, and generative AI-based threats
  • Experience developing behavioral metrics and risk-oriented executive reporting

 

 

EDUCATION

 

  • Bachelor's degree in Information Systems, Computer Engineering, Cybersecurity, Organizational Communication, Organizational Psychology, or a related field

 

Required Certifications (at least one):

  • SSAP — Security Awareness and Culture Professional (SANS / GIAC) — most directly aligned to this role
  • GSAT — GIAC Security Awareness Trainer (SANS / GIAC)
  • CompTIA Security+ — cybersecurity technical knowledge baseline
  • Certified Phishing Defense Expert (CPDE) or equivalent

 

Desirable Certifications (added value):

  • CISM — Certified Information Security Manager (ISACA)
  • CISSP — Certified Information Systems Security Professional (ISC²)
  • CEH — Certified Ethical Hacker (EC-Council) — for offensive phishing methodology understanding
  • Microsoft Security Certifications — SC-900, MS-500 (relevant in Microsoft 365 / Copilot environments)
  • Instructional design or e-learning authoring certifications (Articulate Storyline, Adobe Captivate) — desirable for content development capability

 

Languages:

  • Spanish: native
  • English: bilingual — advanced spoken and written proficiency required for U.S. counterpart coordination and consumption of international technical content

 

 

 

 

 

Apply and be part of the great Sempra Infraestructura team!

 

At Sempra Infraestructura we embrace diversity and are committed to offering all our candidates and employees the same opportunities for success, without regard to race, color, nationality, citizenship, religion, physical or mental disability, medical condition, genetic information, marital status, sex, sexual orientation, gender, gender identity, gender expression, age, social and economic status, political affiliation, or any other characteristic protected by law. Likewise, there will be no discrimination of any kind against employees who have had COVID-19 or have lived with a family member who has or has had it.