Senior GRC Security Engineer
3 weeks ago
Company Description
We are SGS – the world's leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 99,600 employees operate a network of 2,600 offices and laboratories, working together to enable a better, safer and more interconnected world.
Job Description
The Senior GRC Security Engineer will be part of the Technical Security Office (TSO) and will play a critical role in protecting the organization’s assets, ensuring regulatory compliance, and managing cyber risk.
Specific responsibilities:
Implementation and monitoring of security controls: manage the technical security architecture of the organization, implement protective measures, and ensure their effectiveness across the IT environment.
Development of security policies and procedures: create, review, and update security policies, procedures, and hardening guides to ensure regulatory compliance and best practices.
Support for customer assessments: provide support for customer-requested security evaluations, ensuring alignment with the organization’s security standards.
Management of security exceptions: evaluate, manage, and document security exception requests, ensuring associated risks are appropriately controlled.
Support to business and IT on security requirements: advise business and IT areas on matters related to information security requirements, ensuring that controls are effective and integrated into operational processes.
Support for third-party audits: Collaborate on external and internal audits, including ISO 27001 certification audits, financial audits, ITGC (IT General Controls), and other compliance reviews related to information security.
Projects: security assessments, findings, product evaluations, propositions for further system security enhancement & S-SDLC.
Compliance and audits: ensure compliance with information security regulations (ISO 27001, GDPR, NIST, NIS2, EU AI Act, etc.) and assist in internal and external audits.
Governance and risk management: participate in the development and review of security policies, as well as in the identification, assessment, and mitigation of cybersecurity risks.
Evaluation of security technologies: participate in the assessment of security technologies, identify and define system and security requirements, baselines and controls for both the existing environment and new developments in IT infrastructure.
Collaboration across departments: work with IT, Development, Business lines and Human Resources departments to ensure that security controls are effective and that policies are correctly applied.
Business continuity: design and document business continuity strategies to minimize disruptions in operations due to unforeseen incidents, such as cyber-attacks, natural disasters, or system failures; ensure the BCP aligns with organizational risk management strategies and regulatory requirements.
Select training content and lead awareness campaigns and monitor compliance across the organization.
Dashboards creation and KPI tracking: develop security dashboards and monitor key security performance indicators (KPIs) to track the effectiveness of security controls and identify areas for improvement.
Ensure policies help meet compliance with regulatory requirements, including but not limited to ISO 27001, GDPR, SOC2, etc.
Conduct assessments to identify gaps and make sound recommendations for improvement. Identify acceptable levels of residual risk, and assist with action plans, policy and procedural changes for risk mitigation.
Prepare documentation and presentations, lead discussions with management regarding policy effectiveness, and prepare reports to management communicating results, including recommendations on IT policies to help improve technology and business practices.
Qualifications
Please submit your CV in English.
The ideal person enjoys security work and possesses expertise in the security space, both in depth and in breadth. The candidate should be quite confident, very curious, extremely open-minded and eager to learn and grow in the cyber security area.
Qualifications & soft skills
Bachelor’s degree in computer information systems, Information Technology or related field;
Certifications in information security (CISSP, CISM, ISO 27001 Lead Auditor/Implementer, CRISC) are highly desired;
At least 3-5 years of experience in a similar information security role, preferably within a technical or internal security office environment;
Advanced knowledge of cybersecurity regulations: Experience with frameworks such as ISO 27001, NIST, PCI-DSS, GDPR, among others. Ability to manage compliance audits and GRC (Governance, Risk, and Compliance) reporting;
Lead Auditor 27001, CISA, CISSP qualifications would be desirable;
Technical knowledge of network, databases and operating system security and understanding of the latest security principles, techniques, concepts and protocols;
Training and awareness in security governance, risk, and compliance;
Knowledge in the following areas: operating systems, applications, operations (batch processing, monitoring) networking and telecommunications, databases, and logical security;
Ability to work independently as well as being a team player, in a fast-paced and international environment;
Ability to manage multiple projects concurrently and work under pressure;
Strong problem-solving skills and innovative, critical thinking;
Fluent in English; knowledge of other languages would be a plus;
Proficient in MS Office tools (Excel, Word, Power BI, etc.).
Additional Information
This position is based in our office in Madrid. It is an excellent entry point into SGS and will open up opportunities for career development within the Group.