Information Security Analyst, GRC & ISMS

Information Security Analyst, GRC & ISMS

If you wanted to be anonymous, but the pandemic made you realize that wearing a mask is not your cup of tea… Your place is with us! We are expanding our Corporate Cybersecurity Compliance team to help manage risks, ensure regulatory compliance, and strengthen our security framework.

WHAT CHALLENGE WILL YOU BE TAKING ON?

In collaboration with the team, you will be responsible for maintaining and evolving the corporate Information Security Management System (ISMS). You will also contribute to all the processes required to ensure and enhance information protection, resilience, and compliance with established requirements. Your responsibilities will include:

• Activities related to regulations, standards, and frameworks applicable in the countries where GMV operates (ISO/IEC 27001, ENS, NIS2, etc.), including both internal and external audits.
• Defining and monitoring metrics, indicators (KPIs/KRIs), and management dashboards.
• Analyzing, assessing, and managing internal and third-party risks, while promoting initiatives to prevent and mitigate them.
• Developing and reviewing security and compliance policies, methodologies, and documentation.
• Supporting the preparation of security committees, management reviews, and ISMS governance activities.

WHAT DO WE NEED IN OUR TEAM?

For this position, we are looking for a Compliance Cybersecurity Engineer with experience in Governance, Risk & Compliance (GRC), Information Security Management Systems (ISMS), audit processes, information security controls and risk treatment plans. You should also have knowledge of:

• Security regulations and standards such as ISO/IEC 27001, ENS, NIS2, etc.
• Risk assessment and risk management methodologies.
• Security requirements for suppliers and third parties.

Additionally, the following will be considered a plus:

• Certifications such as CISM, CRISC, CISSP, CISA, ISO/IEC 27001 Lead Auditor, or similar.
• Knowledge of operational resilience and business continuity frameworks.
• Experience working in regulated environments or critical infrastructure sectors.
• A high level of English proficiency is required.

WHAT DO WE OFFER?

Hybrid working model and 4 weeks per year of teleworking outside your usual geographical area. Flexible start and finish times, and intensive working hours Fridays and in summer. Personalized career plan development, training and language learning support. National and international mobility. Do you come from another country? We can offer you a relocation package. Competitive compensation with ongoing reviews, flexible compensation and discount on brands.

Wellbeing program:
Health, dental and accident insurance; free fruit and coffee, physical, mental and financial health training, and much more! In our recruitment processes you will always have telephone and personal contact, face-to-face or online, with our talent acquisition team. In addition, bank transfers and bank cards will never be requested. If you are contacted through any other process, please write to our team at  We promote equal opportunities in recruitment, and we are committed to inclusion and diversity.

WHAT ARE YOU WAITING FOR? JOIN US

If you have any questions please do not hesitate to contact Pablo Durán Álvarez, in charge of this vacancy.