Senior Risk Management Specialist

Date: Jan 13, 2026Location: Barcelona, B, ES, 08022Functional Area: RemoteSyntax is a leading Managed Cloud Provider for Mission Critical Enterprise Applications and has been providing comprehensive technology solutions to businesses of all sizes since 1972. Syntax has undisputed strength to implement and manage ERP deployments (Oracle, SAP) in a secure and resilient private, public or hybrid cloud. With strong technical and functional consulting services, and world‑class monitoring and automation, Syntax serves some of North America’s largest corporations across a diverse range of industries. Syntax has offices worldwide, and partners with Oracle, SAP, AWS, Microsoft, IBM and other global technology leaders.Enterprise and Security Risk Manager (m/f/d)Position SummaryThe Enterprise and Security Risk Manager (m/f/d) will be responsible for enhancing our strategic risk alignment and fostering a risk‑aware culture across our organization; this role will play a pivotal part in executing our established Enterprise Risk Management (ERM) framework, to ensure risks are proactively identified, assessed, and managed. In addition to enterprise‑level risk activities, the specialist will support the Security Risk Management process, helping to maintain alignment between enterprise and information security risks, ensuring both are tracked, communicated, and addressed effectively across the organization.ResponsibilitiesConduct risk interviews and perform detailed risk assessments across all risk categories (e.g., IT, security, operations, finance, legal, HR, etc.) to identify and prioritize strategic risks.Support Enterprise Risk Management (ERM) activities by contributing to risk assessments, risk treatment planning, and monitoring mitigation progress.Advise on the development of risk treatment plans, collaborating with stakeholders to ensure effective mitigation strategies.Contribute to the Security Risk Management process by coordinating security risk assessments, documenting risk scenarios, evaluating likelihood and impact, and maintaining alignment with the ERM process.Prepare and deliver quarterly risk reports and presentations to the senior executive leadership team, aligning insights with organizational objectives.Foster a risk‑aware culture by promoting open dialogue and transparency around risk identification and management across all departments.Collaborate with all departments, across all regions, to integrate risk management into business processes and decision‑making.Stay current with industry standards (e.g., COSO, ISO 31000, ISO 27005, NIST SP 800‑30) to ensure best practices in risk management.Coordinate with GRC during internal and external audits by preparing evidence, ensuring timely responses, and tracking corrective actions to closure.Develop and deliver governance and policy‑related training to business units, functional leaders, and technical teams.Translate technical requirements into control language that auditors and business leaders can understand.Provide input into risk metrics by maintaining dashboards, contributing data points, and preparing summaries for management and stakeholders.Required Skills and ExperienceMinimum of 5 years in Enterprise Risk Management or related risk management roles, ideally within industries such as IT, security, operations, or finance. Professional experience outside of risk management in one of these areas is also a plus.Strong understanding of strategic risk management and industry frameworks (COSO, ISO 31000, ISO 27005, NIST SP 800‑30).Solid knowledge of regulatory frameworks and standards (ISO 27001, SOC 2, NIST CSF, GDPR, etc.).Proven ability to foster a culture of openness and accountability in risk management.Practical experience preparing audit evidence, supporting assessments, and tracking corrective actions to closure.Analytical, problem‑solving, and critical thinking skills, with eagerness to continuously learn.Exceptional communication and presentation skills, with the ability to distil complex risk insights into clear, actionable reports.Collaborative, self‑motivated, and adaptable, with a big‑picture mindset and a tenacious, result‑driven approach.Professional certifications: CRISC certification strongly preferred. Additional certifications such as ISO 27001 Lead Implementer/Lead Auditor or ISO 27005 Lead Risk Manager are an advantage.English fluency + Spanish fluency (written and spoken)Key TechnologiesRisk and Governance Platforms: ServiceNow (GRC module), SharePoint, or equivalent tools for tracking, workflow management, and evidence collection.Data and Reporting: Microsoft Excel, Power BI, or similar platforms for risk dashboards and reporting.Security Tools (for context gathering): familiarity with systems such as Qualys, Tenable, Splunk, or Sentinel to support integration of technical risk data.Collaboration Tools: Microsoft Teams, Confluence, and other documentation or communication platforms.Mandatory Legal RequirementsNationality or Work Authorization: Spanish or Portuguese nationality, or alternatively a permanent work permit/VISA for Spain or Portugal.Why Syntax?Global tourist: With us, you can also work from abroad from time to timeFlexible working time models, home officeAttractive benefits, e.g. various health offersA modern environment in which the "you" is part of itOpen feedback culture, flat hierarchies and a motivated teamIndividual career planning with continuous training and coaching on the jobFlexible hours, Monday to Thursday 8h, and Fridays... 6h. In addition, the whole month of August and the first half of September we have an intensive timetable. 28 days holiday (23 days holiday + 4 days at Christmas from 15 December to 15 January + 1 day for your birthday)Windows laptop for work (Dell or Lenovo)Apple or Android smartphone...you chooseTwo lovely offices with a nice garden to relax and have a coffeeFree coffee and soft drinksMedical insurance with SanitasTraining: Free AWS and SAP certifications, internal workshops and free access to Linkedin E‑learningFree online English, German, Spanish or French classes through a platformYou see a personal challenge in this responsible task? Apply now - and become part of the SYNTAX teamCopyright 2023 Syntax, All Rights Reserved#J-18808-Ljbffr