Overview
Cybersecurity Governance, Risk & Compliance (GRC) Lead at ALS. This role leads the GRC program, shaping governance, risk management, and regulatory compliance across the organization.
Responsibilities
Governance & Strategy: Develop, maintain, and communicate the cybersecurity governance framework, including policies, standards, and guidelines. Define the enterprise cybersecurity strategy aligned with business objectives and risk appetite. Establish decision-making structures for cybersecurity (committees / boards) for risk and compliance oversight. Provide executive reporting on cybersecurity posture, compliance status, and risk exposure.
Risk Management: Identify, assess, and prioritize cybersecurity risks. Implement enterprise risk management processes for IT and cybersecurity (risk assessment, mitigation, monitoring). Collaborate with business and IT leaders to ensure risk-aware decision-making in projects, operations, and third-party engagements. Maintain alignment with global / local regulations, industry standards (ISO 27001, NIST), and the Essential 8 where relevant.
Compliance & Regulatory Oversight: Ensure compliance with regulations (GDPR, NIS2, ISO 27001) and industry standards. Lead internal audits, regulatory assessments, and third-party compliance evaluations. Implement remediation plans for audit findings and track progress against compliance initiatives.
Security Awareness & Culture: Drive cybersecurity awareness programs and provide guidance and training to embed security practices in daily operations.
Leadership & Team Development: Lead and mentor GRC team members; advise senior management on cybersecurity strategy, emerging threats, and regulatory changes. Liaise with external partners, auditors, and regulators on GRC matters.
Qualifications & Skills
Bachelor’s degree in Information Technology, Cybersecurity, or a related field; Master’s preferred.
Extensive experience in information security, governance, risk management, and compliance, ideally in multinational organizations.
Proven leadership of GRC programs and cross-functional initiatives.
Strong knowledge of EU regulations (GDPR, NIS2) and security frameworks (ISO 27001, NIST).
Experience with risk assessment methodologies, control frameworks, and compliance tools.
Excellent strategic thinking, stakeholder management, and communication skills.
Key Performance Indicators (KPIs)
Compliance levels of IT and business processes with internal standards and regulatory requirements.
Number of significant cybersecurity risks mitigated or reduced.
Timeliness and effectiveness of audit remediation.
Employee cybersecurity awareness and training completion rates.
Successful integration of GRC considerations into major IT projects and initiatives.
Working at ALS
ALS is a diverse, value-driven employer committed to an inclusive, safe, flexible, and rewarding work environment. We invest in our people with programs and opportunities to build a meaningful career, while making a positive impact on our teams, the planet, and communities. Equality and accommodation statements apply to all applicants.
Eligibility
To be eligible to work at ALS you must be a Citizen or Permanent Resident of the country you are applying in, or hold or obtain a valid working visa.
How To Apply
Please apply online and provide a cover letter and CV that demonstrate your motivation and ability to meet the role requirements.
Compliance Lead • Madrid, Madrid, SPAIN