Security Governance Specialist, Information Security Team (100% remote-friendly within Spain)

The Security Governance Specialist is a critical member of the Information Security team responsible for developing and maintaining the governance framework, policies, procedures, and standards that guide the organization's information security practices. This role plays a pivotal role in ensuring that security efforts align with business objectives and comply with relevant regulations and industry standards.

Key Responsibilities

Policy and Procedure Development:

• Develop and maintain information security policies, procedures, and standards in alignment with industry best practices, regulatory requirements, and organizational goals.
• Collaborate with stakeholders across the organization to ensure policies meet business needs while maintaining security standards.

Security Governance Framework

• Establish and manage the security governance framework, ensuring consistency and accountability in security practices.
• Define and communicate governance-related roles and responsibilities within the organization.

Compliance Management

• Assist in identifying and understanding regulatory requirements and standards relevant to the organization (e.g., SOC 2, ISO 27001).
• Ensure that security practices and policies align with compliance requirements and facilitate compliance assessments and audits.

Security Awareness

• Contribute to the development of security awareness programs and training materials.
• Collaborate with the Security Awareness and Training Specialist to educate employees about security policies and best practices.

Documentation and Reporting

• Maintain a repository of security policies, procedures, and standards.
• Prepare and distribute reports on compliance status, governance efforts, and security metrics to management.

Security Risk Management

• Integrate risk management principles across the business.
• Ensure that security governance efforts address identified risks appropriately.

Continuous Improvement

• Stay informed about emerging security threats, regulations, and best practices.
• Propose and implement improvements to the security governance framework based on industry trends and organizational needs.

Security Culture

• Integrate with Tech and Product teams to identify and assess new development initiatives or projects
• Bridge communication between the security and engineering teams ensuring needs and expectations are understood and managed.

• ISO 27001 Lead Auditor or Implementer certification is highly desirable (but not essential)
• Experience leading or taking part in internal and or external audits
• 5+ years of experience in information security governance 
• Knowledge of relevant security standards and frameworks (e.g., ISO 27001, NIST, SOC 2).
• Experience of continuous compliance tooling (eg Vanta or Drata)
• Strong understanding of regulatory requirements, such as GDPR
• Excellent communication and collaboration skills, with the ability to work across various departments.
• Strong analytical and problem-solving skills.
• Detail-oriented with a commitment to maintaining accuracy in documentation.
• Ability to adapt to a dynamic and fast-paced environment.
• Self-starter and free thinker

True flexibility and work-life balance

• Remote or hybrid work model with our hub in Barcelona;

• Flexible working hours;

• Summer intensive schedule during July and August (work 7 hours, finish earlier);

• 23 paid holidays, with exchangeable local bank holidays;

• Additional paid holiday on your birthday or work anniversary (you choose what you want to celebrate).

Health comes first 

• Private healthcare plan with Adeslas for you and subsidized for your family (medical and dental);

• Access to hundreds of gyms for a symbolic fee in partnership for you and your family. 

• Access to iFeel, a technological platform for mental wellness offering online psychological support and counseling. 

Keep growing with us

• Free English and Spanish classes.

We promote and embrace equal opportunities in our hiring process, and also every day at work. When you apply for our roles you receive equal treatment regardless of age, disabilities, gender reassignment, marital or civil partner status, pregnancy or parental status, race, colour, nationality, ethnic or national origin, religion or belief, sex, sexual orientation or any other dimension of human difference.  If you require additional support in your recruitment process, we kindly encourage you to let us know. Behind those words you’re reading, there’s a person (hi!) who already helped a candidate by adapting the interviews, and now we’re lucky to have this person with us. So, even if you’ve never asked for it before, may this serve as a sign that, now, you can do so. We can only truly be equal if we adapt to each other.

“We believe all humans, in all their beautiful diversity, should have equal rights, dignity and respect. Period.” Mariusz Gralewski,  CEO