Information Security Manager

BrainRocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. ‍Young, ambitious, and unstoppable, we've already taken Cyprus, Malta, Portugal, Poland, and Serbia by storm. Our BRO team consists of 1,300 bright minds creating innovative ideas and products. We don't follow formats. We shape them. We build what works, launch it fast, and make sure it hits.

This is an on-site role. The office is in Valencia, Spain.
No remote, no hybrid work. 
The company assists with the relocation process if your location differs from the required.

We are seeking an Information Security Manager to join our team at our Valencia, Spain office.

Responsibilities: 
Security Audits & Governance 
Conduct internal security audits of systems, business processes, and new integrations. 
Review and challenge technical and organisational controls; identify weaknesses and improvement areas. 
Participate in security architecture discussions and proactively recommend control mechanisms. 

Security Requirements & Control Design 
Define security requirements for internal systems, tools, and business processes. 
Work closely with engineering, infrastructure, and product teams to integrate controls into workflows and architectures.
Validate that implemented controls meet design and compliance objectives.

Risk & Compliance Oversight
Perform risk assessments for internal tools and third-party services (pre- and post-integration).
Maintain the Risk Register and work with asset owners on risk mitigation plans aligned with ISO27001/27701 and other frameworks.
Support audit readiness and evidence collection for ISO 27001, PCI DSS, and other certifications. 

Data Protection & Access Control
Analyze data flows and define appropriate protection strategies (e.g., encryption, masking, access management). 
Ensure logging, alerting, and monitoring controls are in place and passed to the SOC.
Conduct periodic access reviews and role validations.

Security Awareness & Process Improvement
Contribute to security awareness initiatives and training content. 
Collaborate with business and IT teams to optimise secure-by-design practices across departments. 

Requirements: 
3+ years of experience in information security, internal audit, GRC, or similar roles. 
Hands-on experience conducting internal audits, risk assessments, and designing/implementing security controls.
Strong knowledge of ISO 27001/27701, PCI DSS, GDPR, and relevant security frameworks. 
Experience maintaining a Risk Register and working with asset owners on mitigation planning. 
Ability to define and validate security requirements for internal systems and processes. 
Understanding of data protection principles, including encryption, masking, and access control. 
Solid understanding of modern access management approaches such as RBAC, Just-in-Time (JIT) access, and Zero Trust. 
Strong analytical and documentation skills; ability to structure findings and communicate clearly across teams. 
Self-driven and structured approach to auditing, with the ability to work across technical and business functions. 

Nice to have:
Experience supporting external certification audits (ISO 27001, PCI DSS, etc.). 
Relevant certifications such as ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CompTIA Security+.
Experience collaborating with a SOC team or working with log and alert management systems

 We offer excellent benefits, including but not limited to:
Learning and development opportunities and interesting, challenging tasks. 
Opportunity to develop language skills, with partial compensation for the cost of Spanish classes (for localisation purposes). 
Relocation package. 
Global coverage health insurance. 
Time for proper rest, with 23 working days of annual vacation and an additional 6 paid sick days. 
Competitive remuneration level with annual review. 
Teambuilding activities

Bold moves start here. Make yours. Apply today 

By submitting your application, you agree to our Privacy Policy.