Senior Grc Security Engineer
hace 1 mes
Company Description We are SGS – the world's leading testing, inspection and certification company.
We are recognized as the global benchmark for sustainability, quality and integrity.
Our 99,600 employees operate a network of 2,600 offices and laboratories, working together to enable a better, safer and more interconnected world.
Job Description The Senior GRC Security Engineer will be part of the Technical Security Office (TSO) and will play a critical role in protecting the organization's assets, ensuring regulatory compliance, and managing cyber risk.
Specific responsibilities: Implementation and monitoring of security controls: manage the technical security architecture of the organization, implement protective measures, and ensure their effectiveness across the IT environment.
Development of security policies and procedures: create, review, and update security policies, procedures, and hardening guides to ensure regulatory compliance and best practices.
Support for customer assessments: provide support for customer-requested security evaluations, ensuring alignment with the organization's security standards.
Management of security exceptions: evaluate, manage, and document security exception requests, ensuring associated risks are appropriately controlled.
Support to business and IT on security requirements: advise business and IT areas on matters related to information security requirements, ensuring that controls are effective and integrated into operational processes.
Support for third-party audits: Collaborate on external and internal audits, including ISO 27001 certification audits, financial audits, ITGC (IT General Controls), and other compliance reviews related to information security.
Projects: security assessments, findings, product evaluations, propositions for further system security enhancement & S-SDLC.
Compliance and audits: Ensure compliance with information security regulations (ISO 27001, GDPR, NIST, NIS2, IA EU Act, etc) and assist in internal and external audits.
Governance and risk management: participate in the development and review of security policies, as well as in the identification, assessment, and mitigation of cybersecurity risks.
Evaluation of security technologies: participate in the assessment of security technologies, identify and define system and security requirements, baselines and controls for both the existing environment and new developments in IT infrastructure.
Collaboration across departments: work with IT, Development, Business lines and Human Resources departments to ensure that security controls are effective and that policies are correctly applied.
Business continuity: design and document business continuity strategies to minimize disruptions in operations due to unforeseen incidents, such as cyber-attacks, natural disasters, or system failures, ensure BCP aligns with organizational risk management strategies and regulatory requirements.
Select training content and lead awareness campaigns and monitor compliance across the organization.
Dashboards creation and KPI tracking: develop security dashboards and monitor key security performance indicators (KPIs) to track the effectiveness of security controls and identify areas for improvement.
Ensure policies help meet compliance with regulatory requirements, including but not limited to ISO 27001, GDPR, SOC2, etc.
Conduct assessments to identify gaps and make sound recommendations for improvement.
Identify acceptable levels of residual risk, and assist with action plans, policy and procedural changes for risk mitigation.
Prepares documentation, presentations and lead discussions with management regarding policy effectiveness and prepares reports to management communicating results including recommendations to IT Policies to help improve technology and business practices.
Qualifications Please submit English CV The ideal person enjoys security work and possesses expertise in the security space, both in depth and in width.
Should be quite confident, very curious, extremely open minded and eager to learn and grow in the cyber security area.
Qualifications & soft skills Bachelor's degree in computer information systems, Information Technology or related field; Certifications in information security (CISSP, CISM, ISO 27001 Lead Auditor/Implementer, CRISC) are highly desired; At least 3-5 years of experience in a similar information security role, preferably within a technical or internal security office environment; Advanced knowledge of cybersecurity regulations: Experience with frameworks such as ISO 27001, NIST, PCI-DSS, GDPR, among others.
Ability to manage compliance audits and GRC (Governance, Risk, and Compliance) reporting; Lead Auditor 27001, CISA, CISSP qualifications would be desirable; Technical knowledge of network, databases and operating system security and understanding of the latest security principles, techniques, concepts and protocols; Training and awareness in security governance, risk, and compliance; Knowledge in the following areas: operating systems, applications, operations (batch processing, monitoring) networking and telecommunications, databases, and logical security; Ability to work independently as well as being a team player, in a fast-paced and international environment; Ability to manage multiple projects concurrently and work under pressure; Strong problem solving and innovative and critical thinking; Fluent in English; knowledge of other languages would be a plus; Proficient in MS Office tools (Excel, Word, PowerBi etc.).
Additional Information This position is based in our office in Madrid and is an excellent entry point into SGS and will open up opportunities to career development within the Group.
#J-18808-Ljbffr
-
Senior Security Engineer
hace 6 meses
Barcelona, España Back Market A tiempo completoBack Market is the world’s leading refurbished electronics marketplace with a team of more than 650, powering operations in 16 countries (and counting!). - Back Market is undergoing meteoric growth and has raised $884 million, with a valuation of $5.7 billion. Our mission is simple: empowering people to buy tech sustainably by offering folks a...
-
Security Engineer
hace 6 meses
Barcelona, España Glovo A tiempo completo**Not your usual app**. We are the fastest-growing multi-category app connecting millions of users with businesses, and couriers, offering on-demand services from more than 170,000 local restaurants, grocers and supermarkets, and high street retail stores. We operate in more than 1500 cities across 25 countries. We have a vision**:To give everyone easy...
-
Cybersecurity Specialist GRC
hace 3 semanas
Barcelona, Barcelona, España Back Market A tiempo completoJoin Our Cybersecurity TeamAt Back Market, we're committed to empowering people to buy tech sustainably. Our mission is to make it easy for everyone to choose refurbished electronics, reducing waste and lower our collective environmental impact. As a Senior Security Engineer GRC, you'll play a critical role in helping us achieve this goal.Key...
-
Barcelona, España Tui A tiempo completo.ABOUT THE JOBAs a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.G. GDPR) and have a view on how delivery and tracking of compliance actions...
-
Barcelona, España Tui A tiempo completo.ABOUT THE JOB As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.G. GDPR) and have a view on how delivery and tracking of compliance...
-
Barcelona, España TUI A tiempo completoABOUT THE JOB As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.g. GDPR) and have a view on how delivery and tracking of compliance actions...
-
Barcelona, España Tui A tiempo completoABOUT THE JOB As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.g. GDPR) and have a view on how delivery and tracking of compliance actions...
-
Barcelona, España Tui A tiempo completoABOUT THE JOB As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes.You will have knowledge and practical experience of regulatory compliance activities (e.g.GDPR) and have a view on how delivery and tracking of compliance actions...
-
Barcelona, España Tui A tiempo completoABOUT THE JOBAs a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.g. GDPR) and have a view on how delivery and tracking of compliance actions...
-
Barcelona, España Tui A tiempo completoABOUT THE JOB As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes.You will have knowledge and practical experience of regulatory compliance activities (e.g.GDPR) and have a view on how delivery and tracking of compliance actions...
-
Senior Grc Analyst
hace 6 meses
Barcelona, España Clarivate A tiempo completoWe are looking for an **Information Security Specialist** to join our **Information Security **team in Barcelona. This is an amazing opportunity to became part of Clarivate’s of Governance, Risk and Compliance (GRC) team, that is working cross company at all levels. This position will be responsible for maintaining and reporting on compliance activities...
-
Senior Grc Analyst
hace 6 meses
Barcelona, España Preply A tiempo completo**At Preply, we are unlocking human potential through learning.**: We believe learning with a great tutor is life-changing. That's why we match online tutors from across the globe with learners and empower them to create live language classes with AI-powered tools and learning materials. This is how we deliver progress, create engagement and keep our global...
-
Grc Solutions Senior Analyst
hace 3 semanas
Barcelona, España Amadeus A tiempo completoGRC Solutions Senior Analyst - Archer IRM GRC Solutions Senior Analyst - Archer IRM Job Title Job Title GRC Solutions Senior Analyst - Archer IRMSummary of the roleThe GRC (Governance, Risk and Compliance) Solutions Senior Analyst is responsible for defining, building, delivering, and maintaining Risk Management applications in alignment with the...
-
Senior Application Security Engineer
hace 1 mes
Barcelona, España Mygwork A tiempo completo.Senior Application Security Engineer Barcelona This job is with Oracle, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.As a Senior Application Security Engineer with a focus on Incident Investigation, you will be part of the Product Security team...
-
Senior Staff Offensive Security Engineer
hace 1 semana
Barcelona, España Werfenlife Sa. A tiempo completo.Senior Staff Offensive Security Engineer This position is part of the Security Group with worldwide responsibility for cybersecurity for IT, business systems, the network which extends to affiliates as well as security of products and services. As a Senior Staff Offensive Security Engineer, you will lead and mentor a team of security engineers, driving...
-
Senior Application Security Engineer
hace 1 mes
Barcelona, España Mygwork A tiempo completo.Senior Application Security Engineer Barcelona This job is with Oracle, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly. As a Senior Application Security Engineer with a focus on Incident Investigation, you will be part of the Product Security team...
-
Senior Staff Offensive Security Engineer
hace 1 semana
Barcelona, España Werfenlife Sa. A tiempo completo.Senior Staff Offensive Security Engineer This position is part of the Security Group with worldwide responsibility for cybersecurity for IT, business systems, the network which extends to affiliates as well as security of products and services. As a Senior Staff Offensive Security Engineer, you will lead and mentor a team of security engineers, driving...
-
Security Engineer
hace 3 semanas
Barcelona, España Werfenlife Sa. A tiempo completo.The Senior Security Engineer plays a role in identifying, assessing and mitigating vulnerabilities in the organization's systems, networks, and applications. This role involves conducting comprehensive technical assessments, defining security requirements for new systems, and integrating security measures throughout the system development lifecycle. The...
-
Security Engineer
hace 3 semanas
Barcelona, España Werfenlife Sa. A tiempo completo.The Senior Security Engineer plays a role in identifying, assessing and mitigating vulnerabilities in the organization's systems, networks, and applications. This role involves conducting comprehensive technical assessments, defining security requirements for new systems, and integrating security measures throughout the system development lifecycle. The...
-
Security Engineer
hace 3 semanas
Barcelona, España Werfenlife Sa. A tiempo completoThe Senior Security Engineer plays a role in identifying, assessing and mitigating vulnerabilities in the organization's systems, networks, and applications. This role involves conducting comprehensive technical assessments, defining security requirements for new systems, and integrating security measures throughout the system development lifecycle. The...
