Security Senior Consultant- Grc

We are looking for a security consultant to be part of the GRC projects for one of our clients.

**What are we looking for?**:
We are looking for people with technical education (Advanced cycles of professional training, Bachelor's degree in Computer Science, a related field, or equivalent) with 3 years of experience in security risk assessment, security audit and compliance and/or security risk remediation roles.

Fluent in Spanish and English will be necessary.

We value experience in:

- Skills on building automated solutions for large data sets, KPIs monitoring and security dashboards.
- A solid background in designing and providing Information Security solutions within a Financial Services company.
- Ability to audit vulnerabilities and provide / validate risk remediation action plans.
- Good knowledge of cloud security (Microsoft Azure, AWS).
- IT/IS assurance experience gained by working on projects.
- Good Knowledge of current technological trends and developments in the area of information security.
- Expert in process design analysis & designing secure solutions.
- Experience in receiving Information Security audits and their requirements.
- Experienced in defining high quality information security policies and security related processes and procedures.
- Knowledge of software development & security, expertise in Secure Development Life Cycle.
- Broad knowledge of general and security technology and standards, such as server security, firewalls, networks, TCP/IP, encryption.
- Knowledge of ISO Standards ISO27001/2.
- Knowledge of PCI DSS.
- Knowledge of GDPR requirements and other legislation, which govern Information Security.

Any of the following would be a plus:

- Recognised IS qualification like ISO 27001 Lead Auditor or Lead Implementer.
- Experience in internal PCI DSS assessments and delivery of attested SAQs.
- Experience in regular reporting on PCI DSS compliance status, action plan execution & KPIs to C-level stakeholders.
- Master’s degree in cybersecurity.
- Have relevant certifications such as CEH, OSCP, OSCE, CISSP, CISA, GIAC

**What challenges and tasks can you find in this job?**:

- Collection and monitoring of KPI’s defined in company strategy.
- Collaborate with and support the Group Security Practice. Interactions with CSO, CISO, Regional Security Officer and other stakeholders as necessary to ensure presence, quality and effectiveness of processes & controls.
- Develop and maintain repeatable, documented processes to identify and collect risk conditions, facilitate remediation, and monitor remediation.
- Build automated solutions for risk monitoring and reporting on key risk indicators for GRC and central Security teams, including PowerBI dashboards.
- Support, drive and report on entities risk assessment execution following company defined methodology.
- Identifying payment card data flows, defining local Cardholder Data Environments and creating local data flows that includes people, processes and technologies involved.
- Regular reporting on ISO 27001 compliance status, action plan execution & KPIs to C-level stakeholders.
- Information Security Risk Assessments.
- Implementation and development of Information Security Management System.
- Information Risk Management: creating risk mitigation plans, data entry, tracking planned activities.
- Preparing and conducting security awareness trainings, Information Owner trainings.
- Implementing security in life cycle of the projects.

**What are we offering?**:
**Type of contract**: indefinite full-time contract (from Monday to Friday).

**Location**: Barcelona, Zaragoza or Madrid (full remote from other locations is possible).

**Salary**: to determinate.

**Flexible Compensation Plan** (food card, transport card, medical insurance and training).

**Work Life Balance**: flexible work environment.