🛠 Tech Stack

💼 About This Role

You'll own the global GRC program for a high-growth fintech scale-up, designing and maturing security frameworks aligned to ISO 27001, NIST, GDPR, and DORA. You'll act as the bridge between technical security and business risk, providing expert guidance on regulatory landscapes. This role offers the chance to be a strategic leader in an experienced infosec team.

🎯 What You'll Do

• Design and mature global GRC framework
• Own risk assessment lifecycle and communicate risk to stakeholders
• Lead external audits and oversee remediation
• Mature Third-Party Risk Management program

📋 Requirements

• 5+ years in Information Security, GRC, or Risk Management
• Strong knowledge of ISO 27001, SOC 2, GDPR, FCA/DORA, NIST
• Hands-on experience with risk management processes and control frameworks
• Familiarity with GRC or risk platforms (e.g. OneTrust)

✨ Nice to Have

• Industry certifications such as CISSP, CRISC, CISA
• ISO 27001 Lead Implementer/Auditor
• Experience with financial regulators

🎁 Benefits & Perks

• 💰 Competitive starting salary with annual discretionary bonus
• 📈 Clear accelerated career progression to leadership roles
• 🧑‍🏫 Dedicated mentorship from experienced managers
• 🏥 Generous benefits package including health care
• 📍 Central Madrid office with excellent transport links

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

1. 1Recruiter Screen· 30 min
2. 2Hiring Manager Interview· 60 min
3. 3Technical Interview· 60 min
4. 4Offer· 30 min