Enterprise and Security Risk Manager

Date: Nov 29, 2025

Location:

Barcelona, B, ES, 08022

Functional Area: Remote

Syntax is a leading Managed Cloud Provider for Mission Critical Enterprise Applications and has been providing comprehensive technology solutions to businesses of all sizes since 1972. Syntax has undisputed strength to implement and manage ERP deployments (Oracle, SAP) in a secure and resilient private, public or hybrid cloud. With strong technical and functional consulting services, and world-class monitoring and automation, Syntax serves some of North America's largest corporations across a diverse range of industries. Syntax has offices worldwide, and partners with Oracle, SAP, AWS, Microsoft, IBM and other global technology leaders.

Position Summary
The
Enterprise and Security Risk Manager
(m/f/d)
will be responsible for enhancing our strategic risk alignment and fostering a risk-aware culture across our organization; this role will play a pivotal part in executing our established Enterprise Risk Management (ERM) framework, to ensure risks are proactively identified, assessed, and managed. In addition to enterprise-level risk activities, the specialist will support the Security Risk Management process, helping to maintain alignment between enterprise and information security risks, ensuring both are tracked, communicated, and addressed effectively across the organization.

Responsibilities

• Conduct risk interviews and perform detailed risk assessments across all risk categories (e.g., IT, security, operations, finance, legal, HR, etc.) to identify and prioritize strategic risks.
• Support Enterprise Risk Management (ERM) activities by contributing to risk assessments, risk treatment planning, and monitoring mitigation progress.
• Advise on the development of risk treatment plans, collaborating with stakeholders to ensure effective mitigation strategies.
• Contribute to the Security Risk Management process by coordinating security risk assessments, documenting risk scenarios, evaluating likelihood and impact, and maintaining alignment with the ERM process.
• Prepare and deliver quarterly risk reports and presentations to the senior executive leadership team, aligning insights with organizational objectives.
• Foster a risk-aware culture by promoting open dialogue and transparency around risk identification and management across all departments.
• Collaborate with all departments, across all regions, to integrate risk management into business processes and decision-making.
• Stay current with industry standards (e.g., COSO, ISO 31000, ISO 27005, NIST SP to ensure best practices in risk management.
• Coordinate with GRC during internal and external audits by preparing evidence, ensuring timely responses, and tracking corrective actions to closure.
• Develop and deliver governance and policy-related training to business units, functional leaders, and technical teams.
• Translate technical requirements into control language that auditors and business leaders can understand.
• Provide input into risk metrics by maintaining dashboards, contributing data points, and preparing summaries for management and stakeholders.

Required Skills And Experience

• Minimum of 5 years in Enterprise Risk Management or related risk management roles, ideally within industries such as IT, security, operations, or finance. Professional experience outside of risk management in one of these areas is also a plus
• Strong understanding of strategic risk management and industry frameworks (COSO, ISO 31000, ISO 27005, NIST SP
• Solid knowledge of regulatory frameworks and standards (ISO 27001, SOC 2, NIST CSF, GDPR, etc.).
• Proven ability to foster a culture of openness and accountability in risk management.
• Practical experience preparing audit evidence, supporting assessments, and tracking corrective actions to closure.
• Analytical, problem-solving, and critical thinking skills, with eagerness to continuously learn.
• Exceptional communication and presentation skills, with the ability to distil complex risk insights into clear, actionable reports.
• Collaborative, self-motivated, and adaptable, with a big-picture mindset and a tenacious, result-driven approach.
• Professional certifications: CRISC certification strongly preferred. Additional certifications such as ISO 27001 Lead Implementer/Lead Auditor or ISO 27005 Lead Risk Manager are an advantage.
• English fluency + Spanish fluency (written and spoken)

Key Technologies

• Risk and Governance Platforms: ServiceNow (GRC module), SharePoint, or equivalent tools for tracking, workflow management, and evidence collection.
• Data and Reporting: Microsoft Excel, Power BI, or similar platforms for risk dashboards and reporting.
• Security Tools (for context gathering): familiarity with systems such as Qualys, Tenable, Splunk, or Sentinel to support integration of technical risk data.
• Collaboration Tools: Microsoft Teams, Confluence, and other documentation or communication platforms.

Mandatory Legal Requirements
Nationality or Work Authorization:
Spanish or Portuguese nationality, or alternatively a permanent work permit/VISA for Spain or Portugal.

Why Syntax?
Become a part of our success story and work in a company with exciting innovation projects that are causing a stir across the industry. We recently launched one of the world's most advanced manufacturing facilities based on SAP S/4HANA Cloud and SAP Digital Manufacturing Cloud for Execution - for Smart Press Shop, a pioneering joint venture between Porsche and forming specialist Schuler.

• Competitive, above-average compensation
• Global tourist: With us, you can also work from abroad from time to time
• Flexible working time models, home office
• Attractive benefits, e.g. various health offers
• A modern environment in which the "you" is part of it
• Open feedback culture, flat hierarchies and a motivated team
• Individual career planning with continuous training and coaching on the job

Benefits

• Flexible hours, Monday to Thursday 8h, and Fridays.... 6h. In addition, the whole month of August and the first half of September we have an intensive timetable. 28 days holiday (23 days holiday + 4 days at Christmas from 15 December to 15 January + 1 day for your birthday)
• Windows laptop for work (Dell or Lenovo)
• Apple or Android choose
• Two lovely offices with a nice garden to relax and have a coffee
• Free coffee and soft drinks
• Kitchen facilities
• Medical insurance with Sanitas
• Training: Free AWS and SAP certifications, internal workshops and free access to Linkedin E-learning
• Free online English, German, Spanish or French classes through a platform
• Online Canteen 2.0

You see a personal challenge in this responsible task? Apply now - and become part of the SYNTAX team