🛠 Tech Stack

💼 About This Role

You'll spearhead global GRC initiatives and own the information security management system at a high-growth fintech scale-up. Your work will directly enable Ebury's international expansion while ensuring compliance with ISO 27001, GDPR, and DORA.

🎯 What You'll Do

• Design and mature global GRC framework aligned with ISO 27001, NIST, GDPR, DORA.
• Own the risk assessment process and communicate risk to business stakeholders.
• Lead external audits as primary liaison and oversee remediation of findings.
• Mature the Third-Party Risk Management program and define vendor security standards.

📋 Requirements

• 5+ years in Information Security, GRC, or Risk Management
• Strong knowledge of ISO 27001, SOC 2, GDPR, FCA/DORA, NIST
• Hands-on experience implementing risk management processes and control frameworks
• Industry certifications such as CISSP, CRISC, CISA, or ISO 27001 Lead Implementer/Auditor

✨ Nice to Have

• Familiarity with GRC platforms like OneTrust
• Experience with regulatory audits and working with financial regulators

🎁 Benefits & Perks

• 💰 Competitive Starting Salary with annual discretionary bonus
• 📈 Clear, Accelerated Career Progression pathways
• 🧑‍🏫 Dedicated Mentorship from experienced managers
• 🏢 Central Madrid Office with excellent transport links
• 🏥 Generous Benefits Package including health care and social benefits

📨 Hiring Process

Estimated timeline: 2-3 weeks · AI estimate

1. 1Recruiter Screen· 30 min
2. 2Technical Interview· 45 min
3. 3Leadership Interview· 45 min