Senior Cybersecurity Engineer

Description

Job Summary: We are seeking a Senior Cybersecurity Engineer to ensure operational governance of the IT/OT cybersecurity GRC program, maintaining the regulatory framework and managing risks. Key Highlights: 1. Manages the IT/OT cybersecurity GRC program 2. Responsible for the regulatory framework and ISMS compliance 3. Coordinates cybersecurity risks and regulatory obligations **Date:** 28 May 2026 **Location:** Santiago, RM, Chile, 7550107 **Company:** Arauco ***Senior Cybersecurity Engineer*** ***At ARAUCO, we recognize each person in their individuality and diversity. We believe every individual’s contribution is unique, and teams become stronger when they integrate diverse perspectives and capabilities. We consider inclusion and diversity as fundamental elements for meeting present and future challenges.*** ARAUCO is seeking professionals with degrees in Computer Engineering, Systems Engineering, Telecommunications Engineering, or related fields, with at least 3 years of experience in Compliance, Auditing, or Cybersecurity roles, to join our Santiago Corporate Office as a **Senior Cybersecurity Engineer**. The primary **objective of this position** is to ensure operational governance of the IT/OT cybersecurity GRC program, being responsible for building and maintaining the regulatory framework, ensuring ISMS compliance, managing cybersecurity risks, and fulfilling applicable regulatory obligations, while supporting the GRC Head in decision-making with timely and reliable information. **Key Responsibilities:** * Serve as the owner for developing, reviewing, and updating the full set of IT/OT cybersecurity policies, standards, and procedures. Validate alignment of each document with corporate reference frameworks (ISO 27001, IEC 62443, NIST CSF, NERC\-CIP) and prepare them for approval by the GRC Head. * Ensure regulatory compliance of the ISMS (ISO 27001, IEC 62443, NERC\-CIP, NIST): manage the full cycle of internal and external audits, prepare required documentation, support audit processes, and formally track all findings to closure. * Manage and maintain the IT/OT cybersecurity risk process: coordinate risk identification, assessment, and treatment; keep the risk register updated; monitor execution of treatment plans by responsible departments. Manage the TPRM process in coordination with external service providers. Report status to the GRC Head for review and approval. * Populate and maintain the CISO Dashboard of KPIs/KRIs: collect data on compliance, control status, and risk across various departments; consolidate indicators; and prepare inputs used by the GRC Head for executive reporting to the CISO. * Support management of cybersecurity regulatory obligations: administer the compliance calendar (National Cybersecurity Framework Law, Personal Data Protection Law, NERC\-CIP, IEC 62443\), monitor deadlines, and coordinate legal aspects with Legal and the DPO. Prepare background documentation enabling the GRC Head to submit notifications to regulatory bodies where required. * Review cybersecurity and data protection clauses in supplier and customer contracts, acting as the technical counterpart to the Legal Department. * Prepare periodic regulatory status reports for the GRC Head: covering gaps, compliance status, and non-compliance risks with potential impact on sanctions or reputation. **Requirements:** * Degree in Computer Engineering, Systems Engineering, Telecommunications Engineering, or related field (Mandatory). * 3–5 years of experience in Compliance, Auditing, or Cybersecurity roles, with demonstrable experience in cybersecurity regulation or critical infrastructure (Mandatory). * National Cybersecurity Framework Law (Law No. 21\.663 or equivalent regional law); Personal Data Protection Law (Law No. 21\.719 or equivalent regional law); IEC 62443 — in-depth knowledge applicable to OT; NERC\-CIP — applied knowledge; ISO 27001; NIST CSF (Mandatory). * ISO 27001 Lead Implementer certification (Desirable). * Postgraduate degree, diploma, or master’s program in Compliance, Cybersecurity, or Data Privacy (Desirable). * CRISC and IEC 62443 Certificate (ISA) (Desirable). * Prior experience in regulatory consulting for cybersecurity or privacy (Desirable). * Availability to work at the El Golf Corporate Office, Santiago. ***At ARAUCO, we work daily to develop renewable forest-based products that improve people’s lives — a mission that challenges us to build committed, enthusiastic, and creative teams. We are a global company with over 50 years of history, operating and serving customers across multiple countries, united by a shared organizational culture. Therefore, we strive to create the necessary conditions to attract and develop talent within work environments grounded in respect, collaboration, and continuous communication.***