GRC Project Manager

UST is looking for the very Top Talent…and we would be delighted if you were to join our family

More in details, UST is a multinational company based in North America, certified as a Top Employer and Great Place to Work company with over employees all over the world and presence in more than 35 countries. We are leaders on digital technology services, and we provide large-scale technologic solutions to big companies.

What are we looking for?

We are looking for a
GRC
Project Manager
, with experience in cibersecurity projects, working close to one of our main clients in cybersecurity sector.

Main tasks and accountabilities will be:

• Handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain Examples: BCMS, ISMS, Risk assessment (AARR & BIAs), GAP Analysis, Incident management, Awareness activities, Data Privacy, etc.)
• Independently handle (with very minimal guidance from the supervisors) internal audits or GAP Analysis to ensure compliance with security standards (ex. ISO 27001/ISO 22301/ISO 27701, NIST CSF 2.0, ..) requirement as well as process specific requirements
• Responsible for the effective documentation of projects individually.
• Point out the non-conformance areas and suggest measures to improve the information security individually.
• Ensure that risk management is effectively conducted across the organization, business processes and information systems.
• Involve and contribute to customer assurance activities.
• Coordinate information security awareness training programs for all the employees, contractors and approved system users.
• Coordinate and Review the technical assessments of IT systems and processes to identify potential risks.
• Submit recommendations to mitigate any risks identified and ensure controls that they are implemented.
• Design, plan and execute the Cybersecurity activities.
• Directly Interact with customer and communicate detailed technical requirement to the team.
• Use independent judgement and discretion to analyze the system security.
• Prepare detailed description of user requirements and steps required to perform a compliance project in basis a standard or regulation.
• Learn and understand existing regulations or standards requirements.
• Independently handle the evidence collection from multiple teams as part of any internal audits.
• Policy/Procedure creation activities and process improvement ideas to be implemented.
• Research and analytical skills, including the ability to convert complex policy issues into simple briefings and communicate to the audience.

What UST expects from you?

• At least 5 years' experience in audits and compliance and assessments based on national and international standards (ISO27001, ISO22301, ENS, NIST, DORA, NIS2)
• Knowledge/certifications in ISO27001.
• Proficiency with a variety of instruments for assessing and controlling risk (ex. ISO 31000, Magerit v3, COSO)
• Experience in implementation of best practices, compliance with information security policies and standards.
• Technical experience or applicable knowledge in security architectures for different environments.
• Experience related to Cybersecurity ecosystem, deployment experience of security technologies.
• Knowledge of different security solutions/technologies: FW, DLP, IDS/IPS, EDR…
• Experience in incident response plans and exercises.
• Computer Engineering/Telecommunications and/or Master in Cybersecurity.
• Good english level (C1) you will be working with international teams.

Desired Skills:

• Knowledge in ENS, ISO 27005, ISO22301, ISO 42001, NIST CSF 2.0, NIST, SOC 2, GDPR, DORA, NIS2, CMMC 2.0
• Hold certifications such as CISM, CISSP, CISA, ISO/IEC 27001 Lead Auditor / Lead Implementer. We will also consider knowledge of HIPAA, ARC-AMPE or OT Cybersecurity (ISO 27019 / IEC for the more senior role.

Work location

Hybrid Madrid. 1-2 days a week in the office or customer site.

Work schedule

Business Hours. No intensive working days for friday or summer.

What can we offer?

23 days of Annual Leave plus the 24th and 31st of December as discretionary days

Numerous benefits (Health Care Plan, teleworking compensation, Life and Accident Insurances).

`Retribución Flexible´ Program: (Meals, Kinder Garden, Transport, online English lessons, Health Care Plan…)

Free access to several training platforms

Professional stability and career plans

UST also, compensates referrals from which you could benefit when you refer professionals.

The option to pick between 12 or 14 payments along the year.

Real Work Life Balance measures (flexibility, WFH or remote work policy, compacted hours during summertime…)

UST Club Platform discounts and gym Access discounts

If you would like to know more, do not hesitate to apply and we'll get in touch to fill you in details. We are waiting for you

In UST we are committed to equal opportunities in our selection processes and do not discriminate based on race, gender, disability, age, religion, sexual orientation or nationality. We have a special commitment to Disability & Inclusion, so we are interested in hiring people with disability certificate.