Governance, Risk

We are currently recruiting for a Governance, Risk and Compliance (GRC) Specialist. Reporting to the Regional Information Security Officer (RISO), the GRC Specialist contributes to the protection and growth of Tunstall by supporting, implementing, and maintaining effective governance, risk, and compliance programs across all geographies and business units.

This is an incredibly exciting time to join Tunstall as we embark on an exciting period of transformation. You will be joining a recently created and growing global Information Security team within Tunstall and play a key part in the success of this transformation.

We are flexible on location and this role could be based at our Madrid office, or other European offices (Malmo, Sweden or one of our UK offices), on a hybrid working basis.

What will you be doing in this role?

As our Governance, Risk and Compliance Specialist, you will assist in governance of the information security function, support the business in understanding and managing cyber risks, and facilitate continuous alignment with regulatory and compliance requirements for secure business operations.

The Ideal candidate:

To be successful in this role you will have considerable experience in cybersecurity, with proven experience in governance, risk and compliance, ideally in a multinational organisation. You will have a strong understanding of regulatory requirements and good communication skills, both verbal and written, along with an organised approach to work.

What we offer:

• Hybrid Working,
• Competitive salary (with a localised benefits package)
• Boost your learning and growth through access to a Talent Library with over courses, and access to Udemy or O'Reilly learning platforms,
• A warm and welcoming team environment and a chance to build a rewarding career.

Some of your key tasks will be…

• Support, implement and maintain Governance, Risk and Compliance (GRC) programs and policies, ensuring effectiveness and adherence to international and applicable best practices and standards (e.g. ISO 27001, NIST 2.0, Cyber Essentials, Esquema Nacional de Seguridad, among others).
• Conduct regular risk assessments based on Tunstall Risk Management Methodology, aid in the maintenance of the regional risk registers and identify mitigation and treatment strategies in collaboration with the Information Security team and relevant stakeholders.
• Monitor compliance/effectiveness with the controls displayed in the Tunstall Security Control Framework for all the regions.
• Track and review GRC metrics and KPIs to measure and report on security posture, risks and compliance status across the organisation.
• Support the organisation in internal and external audits by ensuring all required documentation and evidence are available, current and relevant in the GRC Tool.
• Facilitate and provide training, awareness sessions and guidance on GRC-related matters to all relevant staff, tailored to their roles and compliance requirements.
• Collaborate closely with other Information Security, IT and business teams, supporting integration of cybersecurity governance initiatives with broader corporate governance frameworks and objectives.
• Maintain the GRC Tool of the company, with the supervision of the Head of GRC.

Key skills and experience:

• Proven experience in governance, risk management and compliance roles in complex, multinational organisations.
• Strong understanding of regulatory requirements, compliance standards and risk frameworks (ISO 27001, NIST 2.0, Cyber Essentials, Esquema Nacional de Seguridad, among others).
• Ability to conduct risk assessments and compliance audits, document results and develop actionable recommendations.
• Solid analytical, problem-solving and data interpretation skills.
• Excellent written and verbal communication skills with the ability to convey complex concepts to non-technical stakeholders.
• Bachelor degree in Information Security, Computer Science, Computer Engineering, Mathematics, Business Administration or similar or equivalent experience.
• English: CEFR C1.
• Experience with GRC platforms is highly desirable.

If you are not sure if you have the relevant skills or experience, then please apply (only takes a few minutes) and let our team review and come back to you.

A bit about us:

Tunstall is a market-leading health and care technology provider.

We're passionate about ensuring our team reflects the brilliant and unique qualities of the people and communities we support. Our incredible team of around 3,000 colleagues provides lifesaving and life changing technology and services to millions of people in 18 different countries.

At Tunstall you'll find a place where you're valued and celebrated for being yourself. We empower our people to deliver the very best teamwork, innovation and thought leadership by creating an environment where we champion diversity and inclusion. We demonstrate our commitment to diversity and inclusion at each step. From our open, fair, and transparent recruitment processes, through to the many development and career growth opportunities we provide.

Each Tunstall colleague has a superpower… they're unique. No one else is them, and we think that's special. Come and join our mission and be part of our team, our One Tunstall team.

Equal Opportunities at Tunstall
At Tunstall, we're committed to building a team that reflects the diversity of the communities we serve. We welcome applications from people of all backgrounds, experiences, and abilities, and we celebrate the unique strengths each colleague brings. Our recruitment process is open, fair and inclusive, and we're dedicated to providing any reasonable adjustments you may need to thrive.