CrawlJobs Logo

Security Governance Specialist

Spain, Barcelona · Job Posted February 14, 2026
Apply Position
Job Link Share

Job Description

The Security Governance Specialist is a critical member of the Information Security team responsible for developing and maintaining the governance framework, policies, procedures, and standards that guide the organization's information security practices. This role plays a pivotal role in ensuring that security efforts align with business objectives and comply with relevant regulations and industry standards.

Job Responsibility

  • Develop and maintain information security policies, procedures, and standards in alignment with industry best practices, regulatory requirements, and organizational goals
  • Collaborate with stakeholders across the organization to ensure policies meet business needs while maintaining security standards
  • Establish and manage the security governance framework, ensuring consistency and accountability in security practices
  • Define and communicate governance-related roles and responsibilities within the organization
  • Assist in identifying and understanding regulatory requirements and standards relevant to the organization (e.g., SOC 2, ISO 27001)
  • Ensure that security practices and policies align with compliance requirements and facilitate compliance assessments and audits
  • Contribute to the development of security awareness programs and training materials
  • Collaborate with the Security Awareness and Training Specialist to educate employees about security policies and best practices
  • Maintain a repository of security policies, procedures, and standards
  • Prepare and distribute reports on compliance status, governance efforts, and security metrics to management
  • Integrate risk management principles across the business
  • Ensure that security governance efforts address identified risks appropriately
  • Stay informed about emerging security threats, regulations, and best practices
  • Propose and implement improvements to the security governance framework based on industry trends and organizational needs
  • Integrate with Tech and Product teams to identify and assess new development initiatives or projects
  • Bridge communication between the security and engineering teams ensuring needs and expectations are understood and managed

Requirements

  • ISO 27001 Lead Auditor or Implementer certification is highly desirable (but not essential)
  • Experience leading or taking part in internal and or external audits
  • 5+ years of experience in information security governance
  • Knowledge of relevant security standards and frameworks (e.g., ISO 27001, NIST, SOC 2)
  • Experience of continuous compliance tooling (eg Vanta or Drata)
  • Strong understanding of regulatory requirements, such as GDPR
  • Excellent communication and collaboration skills, with the ability to work across various departments
  • Strong analytical and problem-solving skills
  • Detail-oriented with a commitment to maintaining accuracy in documentation
  • Ability to adapt to a dynamic and fast-paced environment
  • Self-starter and free thinker

What we offer

  • True flexibility and work-life balance
  • Remote or hybrid work model with our hub in Barcelona
  • Flexible working hours
  • Summer intensive schedule during July and August (work 7 hours, finish earlier)
  • 23 paid holidays, with exchangeable local bank holidays
  • Additional paid holiday on your birthday or work anniversary (you choose what you want to celebrate)
  • Private healthcare plan with Adeslas for you and subsidized for your family (medical and dental)
  • Access to hundreds of gyms for a symbolic fee in partnership for you and your family
  • Access to iFeel, a technological platform for mental wellness offering online psychological support and counseling
  • Free English and Spanish classes

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Security Governance Specialist

8 matching positions

Security Governance Specialist

The Security Governance Specialist is a critical member of the Information Secur...
Location
Location
Poland , Warsaw
Salary
Salary:
Not provided
docplanner.com Logo
DocPlanner GmbH
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • ISO 27001 Lead Auditor or Implementer certification is highly desirable (but not essential)
  • Experience leading or taking part in internal and or external audits
  • 5+ years of experience in information security governance
  • Knowledge of relevant security standards and frameworks (e.g., ISO 27001, NIST, SOC 2)
  • Experience of continuous compliance tooling (eg Vanta or Drata)
  • Strong understanding of regulatory requirements, such as GDPR
  • Excellent communication and collaboration skills, with the ability to work across various departments
  • Strong analytical and problem-solving skills
  • Detail-oriented with a commitment to maintaining accuracy in documentation
  • Ability to adapt to a dynamic and fast-paced environment
Job Responsibility
Job Responsibility
  • Develop and maintain information security policies, procedures, and standards in alignment with industry best practices, regulatory requirements, and organizational goals
  • Collaborate with stakeholders across the organization to ensure policies meet business needs while maintaining security standards
  • Establish and manage the security governance framework, ensuring consistency and accountability in security practices
  • Define and communicate governance-related roles and responsibilities within the organization
  • Assist in identifying and understanding regulatory requirements and standards relevant to the organization (e.g., SOC 2, ISO 27001)
  • Ensure that security practices and policies align with compliance requirements and facilitate compliance assessments and audits
  • Contribute to the development of security awareness programs and training materials
  • Collaborate with the Security Awareness and Training Specialist to educate employees about security policies and best practices
  • Maintain a repository of security policies, procedures, and standards
  • Prepare and distribute reports on compliance status, governance efforts, and security metrics to management
What we offer
What we offer
  • True flexibility and work-life balance
  • Remote or hybrid work model with our hub in Warsaw
  • Flexible working hours (fully flexible, as in most cases you only have to be on a couple of meetings weekly)
  • 20/26 days of paid time off (depending on your contract)
  • Additional paid holiday on your birthday or work anniversary (you choose what you want to celebrate)
  • Private healthcare plan with Signal Iduna for you and subsidized for your family
  • Multisport card co-financing for you to have access to sports facilities across Poland
  • Access to iFeel, a technological platform for mental wellness offering online psychological support and counseling
  • Free English and Spanish classes
  • Fulltime
Read More
Arrow Right

Cyber Security Governance Specialist

Are you looking for a new challenge? Fancy helping us shape the future of motor ...
Location
Location
Spain , Madrid
Salary
Salary:
Not provided
prima.it Logo
Prima
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years of experience in cybersecurity governance, risk, compliance, or security assurance roles, either in-house or within a consulting environment, preferably in regulated or complex organisational contexts
  • Proven knowledge of major cybersecurity frameworks (e.g., ISO/IEC 27001, NIST CSF) and regulatory landscapes (GDPR, DORA)
  • Proven experience in developing policies, conducting gap analyses, audit activities and defining remediation plans
  • Familiarity with Business Continuity Management (BCM) and IT Disaster Recovery (DR) concepts, including participation in Business Impact Analyses (BIA), critical asset dependency mapping, definition of RTOs and RPOs and Disaster Recovery tests or exercises
  • Strong English communication skills, with the ability to collaborate effectively with multidisciplinary teams
Job Responsibility
Job Responsibility
  • Contribute to the definition, implementation, and continuous improvement of the cybersecurity governance framework, including policies, procedures, and controls aligned with international standards and regulatory requirements (e.g. ISO/IEC 27001, NIST CSF, COBIT, GDPR, DORA)
  • Perform security audits, gap analyses, and cyber risk assessments, identifying remediation actions and supporting their execution with relevant stakeholders
  • Participate in third-party security and resilience assessments
  • Support Business Continuity Management (BCM) and IT Disaster Recovery (DR) activities, contributing to Business Impact Analyses (BIA) activities, critical asset dependency mapping, the definition and maintenance of Recovery Time and Recovery Point Objectives (RTOs/RPOs) and participation in business continuity and IT Disaster Recovery tests and exercises (e.g. tabletop simulations)
  • Support cybersecurity awareness initiatives, training programs, and onboarding activities related to security topics
What we offer
What we offer
  • Work from home, the office or a mix of both
  • work from anywhere for up to 30 days a year
  • access to learning resources, mentorship and a growth plan tailored to you
  • private healthcare, gym discounts, wellbeing programs and mental health support
  • Fulltime
Read More
Arrow Right

Cyber Security Governance Specialist

Are you looking for a new challenge? Fancy helping us shape the future of motor ...
Location
Location
Italy , Milan
Salary
Salary:
Not provided
prima.it Logo
Prima
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2+ years of experience in cybersecurity governance, risk, compliance, or security assurance roles, either in-house or within a consulting environment, preferably in regulated or complex organisational contexts
  • Proven knowledge of major cybersecurity frameworks (e.g., ISO/IEC 27001, NIST CSF) and regulatory landscapes (GDPR, DORA)
  • Proven experience in developing policies, conducting gap analyses, audit activities and defining remediation plans
  • Familiarity with Business Continuity Management (BCM) and IT Disaster Recovery (DR) concepts, including participation in Business Impact Analyses (BIA), critical asset dependency mapping, definition of RTOs and RPOs and Disaster Recovery tests or exercises
  • Strong English communication skills, with the ability to collaborate effectively with multidisciplinary teams
Job Responsibility
Job Responsibility
  • Contribute to the definition, implementation, and continuous improvement of the cybersecurity governance framework, including policies, procedures, and controls aligned with international standards and regulatory requirements (e.g. ISO/IEC 27001, NIST CSF, COBIT, GDPR, DORA)
  • Perform security audits, gap analyses, and cyber risk assessments, identifying remediation actions and supporting their execution with relevant stakeholders
  • Participate in third-party security and resilience assessments
  • Support Business Continuity Management (BCM) and IT Disaster Recovery (DR) activities, contributing to Business Impact Analyses (BIA) activities, critical asset dependency mapping, the definition and maintenance of Recovery Time and Recovery Point Objectives (RTOs/RPOs) and participation in business continuity and IT Disaster Recovery tests and exercises (e.g. tabletop simulations)
  • Support cybersecurity awareness initiatives, training programs, and onboarding activities related to security topics
What we offer
What we offer
  • Work Your Way: Enjoy full flexibility – work from home, the office or a mix of both
  • Grow with us: We may move fast at Prima, but we move together. Get access to learning resources, mentorship and a growth plan tailored to you
  • Thrive and perform: Your best work begins when you feel your best. Enjoy private healthcare, gym discounts, wellbeing programs and mental health support
  • Fulltime
Read More
Arrow Right

Security Governance & Compliance Specialist

The Senior Privacy Analyst is part of a global team who ensures Cisco complies w...
Location
Location
Poland , Krakow
Salary
Salary:
Not provided
Cisco
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A Bachelor's degree in Computer Science, Information Technology, Law, or a related field is typically required, with 2–5 years of experience in privacy compliance, risk management, or data protection
  • Deep understanding of data protection laws, including GDPR, CCPA, along with the ability to monitor emerging legislation
  • Hands-on experience with privacy management platforms (e.g., Securiti.ai, OneTrust)
  • Proven certification holding CIPP/E (Certified Information Privacy Professional/Europe), CIPP/US, or CIPM (Certified Information Privacy Manager)
Job Responsibility
Job Responsibility
  • Research and respond to privacy requests sent to Cisco for action
  • Coordinate with database admin teams across Cisco to assure requests are fully addressed within the legally defined timelines, with special attention focused on those that are high priority
  • Use Privacy Response tool(s) to document remediation actions taken
  • Leverage more than 180 templates to craft legally approved communications
  • and continue to expand template catalog
  • Educate and share best practices with other team members to improve overall ability to respond to new requests
What we offer
What we offer
  • Benefits & perks designed to support every aspect of your life: from your well-being to your time away to your family
Read More
Arrow Right

Data Governance Specialist - Data Security

Elevate Your Career as a Data Governance Specialist - Data Security. Join our dy...
Location
Location
Netherlands , Rotterdam
Salary
Salary:
Not provided
airswift.com Logo
Airswift Sweden
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Information Technology, or related field
  • 5+ years in data governance, data management, or related functions
  • At least 2 years in leadership or managerial roles
  • Proven experience designing and implementing data governance frameworks
  • Hands-on experience with data infrastructures, cloud environments, and data integration
  • Working knowledge of data governance tools (e.g. Collibra, Informatica, or equivalent)
  • Strong understanding of data privacy regulations (e.g. GDPR, CCPA)
  • Demonstrated communication skills for translating technical concepts to non?technical audiences
Job Responsibility
Job Responsibility
  • Develop, implement, and maintain data governance and data security frameworks across the organization
  • Establish and enforce policies, standards, and best practices for data quality, integrity, compliance, and protection
  • Collaborate with cross?functional teams, including Cybersecurity, Legal, Compliance, and business units, to ensure secure data handling and alignment with regulatory requirements
  • Lead enterprise-wide governance initiatives, data security assessments, and incident response efforts
  • Promote a culture of data stewardship and awareness through training, communication, and ongoing stakeholder engagement
  • Support continuous improvement of data governance operations, tools, and processes
  • Fulltime
Read More
Arrow Right

Information Security Integration and Governance Specialist

Within Airbus Defence and Space SAU, Corporate Security operates under a holisti...
Location
Location
Spain , Getafe Area
Salary
Salary:
Not provided
airbus.com Logo
Airbus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • University degree in Computer Science, Engineering, Telecommunications, Information Systems, or a related field
  • Relevant industry certifications are highly valued (e.g. CISSP, CISM, CISA, ISO/IEC 27001 Lead Implementer/Auditor)
  • Deep understanding of risk analysis: proven experience leading and documenting comprehensive Information Security Risk Assessments (RAR) and defining effective mitigation strategies. Knowledge of MAGERIT and EBIOS methodologies and tools (Pilar / Fence)
  • Regulatory Compliance Mastery (ENS, CCN-STIC…)
  • Accreditation and Audit Management: extensive hands-on experience in managing security audits and supporting system accreditation/certification processes (eg. ISO 27001, ENS compliance)
  • Penetration Test Coordination: experience coordinating penetration testing (overseeing the scope, evaluating technical results, and tracking remediation plans)
  • Security Architecture/Controls: solid understanding of technical security controls across network, system, and application layers, and the ability to interface with IT/DevOps teams
  • Security Project Management: Demonstrated ability to manage and deliver security implementation projects on time and within budget, translating high-level policy into actionable tasks
  • Deviation Management: experience defining, managing, and tracking security exceptions or deviations, including risk acceptance and compensating control documentation
  • Stakeholder communication: excellent written and verbal communication skills to effectively bridge the gap between Corporate Security management and IT operation teams
Job Responsibility
Job Responsibility
  • Strategic Interconnection: Act as the interface and point of contact between the Corporate Security area and the Digital area, translating security requirements into applicable technical solutions
  • Risk Management and Analysis: Lead the analysis, assessment, and treatment of security risks, identifying vulnerabilities and proposing countermeasures to mitigate the potential impact on company assets
  • Regulatory and Legal Compliance: Ensure strict knowledge and compliance with Spanish and international applicable regulations (eg ENS, CCN-STIC, NIS2, CRA, ISO 27001, NATO, EU, PART-IS, CMMI, NIST), as well as actively participating in accreditation processes and system certification
  • Audit and Accreditation: Coordinate security audits (internal and external) and manage the necessary documentation and evidence for system accreditation processes
  • National networks: provide technical expertise and support to the Spanish NISO (National Information Security Officer) in evaluating and defining the security conditions required to answer the demands for different areas regarding interconnections and geographical extensions of our national network
  • Security Project Management: lead or participate in the management of key projects aimed at implementing, updating, or reinforcing security controls and tools
  • Deviation Management: administer and document the security deviation management process, evaluating its associated risk and establishing mitigation plans
  • Support the Spanish NISO in the implementation of the company digital security strategy within the framework of the national laws and regulations and in the implementation of technical and organization measures to identify, resort and manage cyber security risks
  • Fulltime
Read More
Arrow Right

Information Security Governance, Risk and Compliance Specialist

The Information Security Governance, Risk and Compliance (GRC) Specialist is a s...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP desirable
  • Seasoned experience in information security or related roles
  • Seasoned exposure to risk assessment, compliance, security awareness, or policy development is beneficial
  • Seasoned familiarity with information security frameworks and standards
  • Seasoned understanding of risk assessment methodologies, compliance, and policy development
  • Strong communication and interpersonal skills for effective collaboration
  • Strong attention to detail and ability to follow established processes
  • Seasoned project management skills for coordinating security initiatives
Job Responsibility
Job Responsibility
  • Assists in conducting risk assessments and vulnerability assessments
  • Contributes to the development and maintenance of security policies and procedures
  • Collaborates with internal stakeholders to ensure compliance with industry standards and regulations
  • Participates in security awareness and training initiatives
  • Supports incident response activities and investigations as required
  • Monitors and reports on security compliance metrics
  • Assists in the implementation of security controls and best practices
  • Stays updated with emerging security threats and trends
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right

Senior Information Security Governance, Risk and Compliance Specialist

The Senior Information Security Governance, Risk and Compliance (GRC) Specialist...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP preferred
  • Advanced experience in information security, including GRC-related roles
  • Advanced experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management
  • Advanced understanding of information security frameworks and standards
  • Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management
  • Excellent communication and interpersonal skills for collaborating with various stakeholders
  • Strong project management skills for handling security initiatives
  • Advanced familiarity with legal and compliance aspects related to information security
Job Responsibility
Job Responsibility
  • Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies
  • Develops and maintains security policies, standards, and procedures
  • Collaborates with legal and compliance teams to ensure adherence to regulatory requirements
  • Provides guidance and support to junior GRC team members
  • Assists in the creation and delivery of security awareness and training programs
  • Participates in security incident response activities as needed
  • Contributes to the continuous improvement of the information security program
  • Assists in policy management and refinement
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right