Cybersecurity Governance Risk & Compliance Lead (Madrid - Hybrid)

The company : Our customer is a technology-based startup with solid funding that is in the midst of expansion.

They will hire the selected candidate as an internal and permanent employee, based in Madrid, but providing services to their global organization.

Description of the position :

We're looking for a Governance Risk & Compliance Lead for its global operations in Madrid. He / She will be responsible for designing and operationalizing the company's governance, risk, and compliance framework. Reporting to the Head of Information Security, he / she will play a critical role in enabling company growth by ensuring regulatory readiness, managing risk, and embedding security and compliance into business and product operations.

Key Responsibilities and tasks : Compliance Programme Development : Lead the implementation of GDPR, ISO 27001, SOC 2, and NIS 2 compliance programmes, with a roadmap aligned to business priorities and client expectations.

Develop and maintain policies, procedures, and controls that support certification and audit readiness.

Coordinate with external auditors, consultants, and vendors to streamline evidence collection and reporting.

Risk Management : Operationalize the NIST Cybersecurity Framework across the corporate, product and operational domains

Conduct regular risk assessments and maintain a centralized risk register.

Collaborate with IT, Product and Legal teams to ensure risk mitigation strategies are prioritized correctly.

Governance & Policy Enforcement : Establish governance structures for security and compliance decision-making.

Run regular risk committees and track related actions.

Maintain and enforce policies such as password management, access control, and vendor risk.

Reporting & Communication : Provide regular updates to executive leadership on compliance progress, risk posture, and audit outcomes.

Develop dashboards and visualizations to communicate timelines and milestones to stakeholders.

Act as the primary liaison for compliance-related queries from clients, partners, and regulators.

Working Experience : 5+ years of Proven Experience in Cybersecurity landscape within cloud-first or SaaS organisations.

At least 2+ years in GRC roles.

Working experience of GDPR, ISO 27001, SOC 2, NIS 2, and NIST CSF.

Familiarity with compliance automation platforms (e.g., Vanta, OneTrust).

Not mandatory but preferred : Lead on ISO 27001, SOC2 or GDPR compliance implementation.

In-depth knowledge of the NIS2 directive.

Working knowledge of Azure cloud environments.

Working knowledge of OT security.

Soft skills :

Excellent communication and stakeholder management skills.

International work experience working with international teams.

Education and Training : Bachelor's Degree or vocational training qualification : In information technology, or a related field.

Certifications : Not mandatory but preferred Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or ISO 27001 Lead Implementer.

Languages : Spanish : Very good Business Spanish required (excellent communication skills). B2 / C1 level.

English : Very good Business English required (excellent communication skills). B2 / C1 level.

Job Conditions :

Job location : Tres Cantos (Madrid). European Union nationality otherwise EU / Spain work permit required as a prerequisite.

Employment Type : Permanent Full Time, as internal employee.

Salary : Depending on qualification and experience.

Work from home : Hybrid working model including the possibility of working from home (70%) but according to the specific needs that may arise from the perspective of project development, department, clients, and / or partners.

If you are interested, please apply here or send an email to [email protected] including in the subject : 'Governance Risk & Compliance Lead' along with your English CV.

#J-18808-Ljbffr