IT Risk & Compliance Specialist
Tasks
- Assess EU AI Act applicability for vendor AI services
- Conduct vendor security due diligence
- Develop and deliver security awareness training
- Draft, review, approve, and publish ISMS policies
- Identify, assess, and treat security risks
- Lead gap assessments for ISO 27001 and SOC 2
- Maintain information security risk management plan
- Maintain risk register and manage risk acceptance
- Maintain version control and documentation accuracy
- Manage ISMS documentation lifecycle
- Manage audit nonconformity remediation
- Manage vendor rescreening
- Monitor ISMS compliance requirements
- Oversee internal and external ISMS audits
- Perform ongoing vendor security monitoring
- Prepare compliance reporting materials
- Produce DDQ analysis reports
- Respond to client due diligence questionnaires
- Support SOC 2 Type II audit cycle
- Support security awareness vendor management and quality monitoring
- Track security metrics and ISMS performance
- Triage compliance service requests
Perks/Benefits
- N/A
Skills/Tech-stack
AI Act | Confluence | Conformity Management | Cybersecurity Framework | Documentation Management | EU AI | EU AI Act | GDPR | GRC | ISMS | ISO 27001 | ISO 27005 | Information Security Governance | Information security | Jira | Jira Service | Jira Service Management | Jira Work Management | MAGERIT | NIST Cybersecurity | NIST Cybersecurity Framework | Policy writing | Python | Risk Assessment | Risk Management | SOC 2 | Security Governance | Security Policy | Security Policy Writing | Service Management | Third Party | Third Party Risk Assessment | Third-Party Risk | Vanta | Vendor Risk | Vendor risk management | Work Management
Education
N/A