Principal Engineer - Governance, Risk & Compliance
Barcelona
About Kiwi.com
Kiwi.com is a leading global travel-tech company headquartered in the Czech Republic. Our innovative algorithm enables users to find better route options and prices other search engines can’t see, daily performing billions of price checks across 95% of global flight content. Are you bold, bright and curious? Join a global business that’s still got a start-up heart.
About our Information Security team
The information security team is responsible for enhancing security practices across our entire ecosystem, aiding our Engineers in creating and maintaining secure products, and supporting secure operations. Our talented team leverages automated governance, risk, and compliance platforms to streamline compliance processes and is also focused on developing a roadmap for continuously improving our future governance practices.
Interested? Join us and help us make travel more accessible to all.
Kiwi.com is proud to be an equal opportunity workplace and employer. We review applications for employment without regard to their race, colour, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Throughout the recruitment process and for some time after it’s finished, we’re going to process your Personal Data. You can find all the necessary information in our Privacy Policy available at: https://jobs.kiwi.com/recruitment-privacy-policy/.
What you will do
- You will own and manage the lifecycle of our key compliance frameworks, including PCI-DSS, ISO27001, SOC2, and NIS2.
- You will develop and maintain automated Governance, Risk, and Compliance (GRC) platforms to support continuous compliance monitoring, reporting, and auditing.
- Collaborating with engineering teams, you will align technical controls with regulatory and certification requirements.
- You’ll establish policies, standards, and procedures that align with industry best practices and regulatory requirements.
- You will work closely with our Director of Security to develop metrics and reporting frameworks that demonstrate the successful implementation and management of our GRC function.
- You’ll lead internal and external audits, ensuring timely completion and accurate evidence collection.
- You will educate stakeholders on compliance requirements and security risks, fostering a security-first culture across Kiwi.com.
- You will provide mentorship and coaching to colleagues within our Information Security team.
What you will need
- You have strong expertise in Information Security, Risk Management, and Compliance.
- You bring extensive experience managing compliance frameworks such as PCI-DSS, ISO27001, SOC2, and NIS2.
- You bring hands-on experience with GRC automation platforms to improve audit and compliance efficiencies.
- A strong understanding of cloud security frameworks, along with your experience with Google Cloud Platform, is preferred.
- You are an excellent communicator who can translate technical security requirements into clear business language.
- You have experience working cross-functionally with engineering, legal, and executive teams.
- With your coaching and mentoring abilities, you will enhance the knowledge of the wider security team.
- You have a self-starter mentality with the ability to manage multiple projects independently.
We offer you
- We offer a hybrid and flexible work environment. A lovely, modern office in the center of Barcelona (Passeig de Gracia) with great views and amenities.
- We also enjoy benefits such as flexible working hours, 30 paid vacation days, sick days, private medical insurance, an Employee Assistance Program, GymForLess membership, and an annual subscription to El Bicing.
- Annual financial bonus based on company and individual performance.
- Flight vouchers to celebrate your kiwi anniversaries.
- Relocation package (including visa transfer support).
- Dogs are welcome in our offices.