Security Compliance

Join to apply for the Security Compliance & Privacy Lead role at Tunstall Healthcare Group We are recruiting for a Security Compliance & Privacy Lead , reporting to the Head of Governance, Risk & Compliance, to lead the development, implementation and continuous evolution of Tunstall’s information security policies, standards and control framework across all geographies and business units, ensuring alignment with international compliance standards and regulatory requirements. This is a great time to join Tunstall as we embark on an exciting period of transformation. You will be joining a recently created and growing global Information Security team within Tunstall and play a key part in the success of this transformation. Location: Madrid office on a hybrid basis. We are also happy to consider someone who lives within commuting distance of our UK Head office (Whitley, DN14 0HR) or Hyllie (Malmo, Sweden) site. What we’re about Tunstall is a market‑leading health and care technology provider. We’re passionate about ensuring our team reflects the brilliant and unique qualities of the people and communities we support. Our incredible team of more than 3,000 colleagues delivers life‑saving and life‑changing technology and services to millions of people in 18 different countries. We champion diversity and inclusion in all stages of our journey. What will you be doing in this role? The role acts as the subject‑matter expert and advisor on information security compliance and regulatory matters (ISO 27001, NIST, Cyber Essentials, NIS2, Esquema Nacional de Seguridad, CRA, GDPR and other applicable frameworks), ensuring Tunstall’s security posture aligns with current and emerging regulatory requirements across all operating regions. Ideal candidate Significant experience working as a policy owner and partnering with Data Protection Officers (DPOs). Strong understanding of Spanish local information security regulations and experience running/managing both internal and external audits. What we offer Hybrid working Competitive salary + potential bonus Learning and growth through access to a Talent Library with over 800 courses, Udemy, or O’Reilly learning platforms A warm and welcoming team environment and a chance to build a rewarding career Key tasks Define and develop the information security policy framework for Tunstall, ensuring all policies, standards and procedures are current, comprehensive and aligned with international best practices and regulatory requirements across all regions and business units. Maintain a deep and current knowledge of existing and emerging regulatory requirements and compliance standards applicable to Tunstall, advising and influencing all geographies, business units and stakeholders to align with these requirements and supporting the compliance roadmap. Design and develop the information security control framework based on industry standards and Tunstall's regulatory requirements, defining controls, control objectives, and mapping them to relevant policies and standards to ensure comprehensive coverage of security risks and compliance needs. Track, coordinate, and manage an overarching view of internal and external audits across all countries and regions, ensuring required resources are allocated, audit timelines are met, and findings are consolidated into coherent reports. Organise and actively participate in audit activities across regions, serving as the point of contact to ensure audit scopes, procedures and documentation standards are consistent and aligned with established protocols. Monitor and report on compliance and effectiveness of controls within the Tunstall security control framework across all regions, identify control gaps and develop remediation strategies with the Regional Information Security Officers and business stakeholders. Prepare and present comprehensive reports on compliance status, audit findings, control effectiveness, remediation progress and other KPIs to senior stakeholders. Key skills and experience Proven experience in information security compliance, audit or closely related roles in complex, multinational organisations. Proven experience managing security compliance programmes and building or evolving security control frameworks in multinational environments. Deep understanding of information security standards and regulatory frameworks (ISO 27001, NIST, Cyber Essentials, NIS2, Esquema Nacional de Seguridad, CRA, GDPR and others relevant to Tunstall’s operating regions). Proven experience coordinating and leading audit activities (internal and external) across multiple geographies. Experience developing and maintaining information security policies, standards, and procedures. Excellent written and verbal communication skills with the ability to convey complex compliance and control concepts to both technical and non‑technical stakeholders. Strong stakeholder management and influencing capabilities in multicultural, complex organisational environments. Ability to manage complexity and make sound decisions with limited information or under uncertainty. Bachelor’s degree in Information Security, Computer Science, Computer Engineering, Mathematics, Business Administration, Law or a related field. English: CEFR C1. Required competencies Process‑oriented, methodical and rigorous in approach. Attention to detail and passion for compliance accuracy. Stakeholder management and influencing capabilities. Collaboration and partnership in multicultural ecosystems. Analytical and problem‑solving mindset. Strategic thinker with ability to translate regulatory requirements into practical security controls and policies. Hunger for learning and staying current with the evolving compliance landscape. Self‑driven and able to work autonomously while maintaining strong communication with leadership. Desirable skills and experience Professional certifications such as CISA, CRISC, ISO 27001 Lead Auditor or similar compliance/control‑focused credentials. Experience with GRC tools and platforms. Experience in healthcare, critical infrastructure, or regulated industries. Equal Opportunities At Tunstall, we’re committed to building a team that reflects the diversity of the communities we serve. We welcome applications from people of all backgrounds, experiences, and abilities, and we celebrate the unique strengths each colleague brings. Our recruitment process is open, fair and inclusive, and we’re dedicated to providing any reasonable adjustments you may need to thrive. Job details Seniority level: Mid‑Senior level Employment type: Full‑time Job function: Information Technology and Management Industry: Hospitals and Health Care #J-18808-Ljbffr