We are looking for an experienced Senior Information Security Manager to join our team and lead our efforts in ensuring robust security compliance across our Saa S platform. As we are in the process of building our Information Security team, the selected candidate will be among the first members, playing a key role in shaping its foundation. The ideal candidate will have extensive experience with SOC 2 compliance, including developing, implementing, and managing security policies and procedures in alignment with industry standards. This role will also involve collaborating with cross-functional teams to establish best practices and ensure that security controls are continuously monitored and improved.

Requirements

• Maintain and Adapt Security Policies: Maintain, adapt, and enforce security policies and procedures in alignment with SOC 2 and GDPR standards. Implement necessary tools and processes for continuous compliance monitoring and enforcement.
• Ensure SOC 2 Compliance: Oversee SOC 2 compliance efforts using Drata, including managing evidence collection, control monitoring, and ensuring audit readiness.
• Oversee and Enhance AWS Security:
  Implement AWS security best practices, including Identity and Access Management (IAM), encryption, and monitoring via AWS tools such as Cloud Trail and Cloud Watch.
• Lead Incident Response:
  Manage security incident response processes, including detection, investigation, mitigation, and remediation of security threats.
• Oversee Vulnerability and Access Management:
  Conduct regular vulnerability assessments and manage access controls to ensure secure system configurations.
• Handle GDPR Compliance:
  Implement GDPR-compliant data protection measures, manage data subject requests, and handle breach notifications in compliance with regulatory requirements.
• Coordinate with Stakeholders:
  Collaborate with IT, development, and other cross-functional teams to implement security measures, and regularly communicate compliance and security status to senior management.

Minimum requirements

• A Bachelor’s degree in Computer Science or a related field
• 5+ years of information security experience
• Extensive experience in managing SOC 2 and GDPR compliance for an organization. This includes hands-on experience with implementing and maintaining security controls, overseeing audits, and ensuring adherence to both SOC 2 and GDPR regulatory requirements
• Experience in using compliance automation platform Drata or other similar tools
• Proficiency in AWS services and best practices
• Strong understanding of security protocols, systems, and frameworks (e.g., ISO 27001, NIST, SOC2, GDPR).
• Fluent in English

Bonus points

• Relevant certifications (e.g., CISSP or CISM)
• Building and scaling Security teams from the ground up

Benefits

• A salary above Spain-average for this position
• Flexible working hours
• Hybrid approach: choose which days you work from home or at the office
• 11€ per day meal allowance + food and snacks at the office (and paellas!)
• Private health
• Private pension (company doubles your savings)
• Best equipment: choose between Mac or Linux
• Frequent training, budget for conferences, OReilly subscription
• Access to Urban Sports
• International environment (over 25 nationalities), with 50% of our leaders being women, and almost 50% of our tech team too
• Working in a climate-tech startup, helping corporations to identify ESG risks