Title Enterprise and Security Risk Manager

Enterprise and Security Risk Manager (m/f/d) Location: Barcelona, Catalonia, Spain Join Syntax México, a leading Managed Cloud Provider since 1972. We implement and manage ERP deployments (Oracle, SAP) in secure, resilient private, public, or hybrid clouds. With strong consulting services and world‑class monitoring, we support some of North America’s largest corporations across diverse industries. Position Summary The Enterprise and Security Risk Manager will enhance strategic risk alignment and foster a risk‑aware culture across the organization. The role will execute our Enterprise Risk Management (ERM) framework, support the Security Risk Management process, and ensure enterprise and information security risks are tracked, communicated and addressed effectively. Responsibilities Conduct risk interviews and perform detailed risk assessments across all risk categories (e.g., IT, security, operations, finance, legal, HR, etc.) to identify and prioritize strategic risks. Support Enterprise Risk Management (ERM) activities by contributing to risk assessments, risk treatment planning, and monitoring mitigation progress. Advise on the development of risk treatment plans, collaborating with stakeholders to ensure effective mitigation strategies. Contribute to the Security Risk Management process by coordinating security risk assessments, documenting risk scenarios, evaluating likelihood and impact, and maintaining alignment with the ERM process. Prepare and deliver quarterly risk reports and presentations to the senior executive leadership team, aligning insights with organizational objectives. Foster a risk‑aware culture by promoting open dialogue and transparency around risk identification and management across all departments. Collaborate with all departments, across all regions, to integrate risk management into business processes and decision‑making. Stay current with industry standards (e.g., COSO, ISO 31000, ISO 27005, NIST SP 800‑30) to ensure best practices in risk management. Coordinate with GRC during internal and external audits by preparing evidence, ensuring timely responses, and tracking corrective actions to closure. Develop and deliver governance and policy‑related training to business units, functional leaders, and technical teams. Translate technical requirements into control language that auditors and business leaders can understand. Provide input into risk metrics by maintaining dashboards, contributing data points, and preparing summaries for management and stakeholders. Required Skills And Experience Minimum of 5 years in Enterprise Risk Management or related risk management roles, ideally within IT, security, operations or finance. Professional experience outside of risk management in one of these areas is also a plus. Strong understanding of strategic risk management and industry frameworks (COSO, ISO 31000, ISO 27005, NIST SP 800‑30). Solid knowledge of regulatory frameworks and standards (ISO 27001, SOC 2, NIST CSF, GDPR, etc.). Proven ability to foster a culture of openness and accountability in risk management. Practical experience preparing audit evidence, supporting assessments, and tracking corrective actions to closure. Analytical, problem‑solving and critical thinking skills, with eagerness to continuously learn. Exceptional communication and presentation skills, with the ability to distil complex risk insights into clear, actionable reports. Collaborative, self‑motivated, and adaptable, with a big‑picture mindset and a tenacious, result‑driven approach. Professional certifications: CRISC certification strongly preferred. Additional certifications such as ISO 27001 Lead Implementer/Lead Auditor or ISO 27005 Lead Risk Manager are an advantage. English fluency + Spanish fluency (written and spoken). Key Technologies Risk and Governance Platforms: ServiceNow (GRC module), SharePoint, or equivalent tools for tracking, workflow management, and evidence collection. Data and Reporting: Microsoft Excel, Power BI, or similar platforms for risk dashboards and reporting. Security Tools (for context gathering): familiarity with systems such as Qualys, Tenable, Splunk, or Sentinel to support integration of technical risk data. Collaboration Tools: Microsoft Teams, Confluence, and other documentation or communication platforms. Mandatory Legal Requirements Nationality or Work Authorization: Spanish or Portuguese nationality, or permanent work permit/visa for Spain or Portugal. Why Syntax? Competitive, above‑average compensation Global tourist: With us, you can also work from abroad from time to time Flexible working time models, home office Attractive benefits, e.g. various health offers A modern environment in which the \"you\" is part of it Open feedback culture, flat hierarchies and a motivated team Individual career planning with continuous training and coaching on the job Benefits Flexible hours, Monday to Thursday 8h, and Fridays 6h. In addition, the whole month of August and the first half of September we have an intensive timetable. 28 days holiday (23 days holiday + 4 days at Christmas from 15 December to 15 January + 1 day for your birthday). Windows laptop for work (Dell or Lenovo). Apple or Android smartphone, you choose. Two lovely offices with a nice garden to relax and have a coffee. Free coffee and soft drinks. Kitchen facilities. Medical insurance with Sanitas. Training: Free AWS and SAP certifications, internal workshops and free access to LinkedIn E‑learning. Free online English, German, Spanish or French classes through a platform. Online Canteen 2.0. Seniority Level Mid‑Senior level Employment Type Full‑time Job Function Information Technology Industries IT Services and IT Consulting Apply now and become part of the SYNTAX team #J-18808-Ljbffr