We are looking for an experienced Senior Information Security Manager to join our team and lead our efforts in ensuring robust security compliance across our SaaS platform. As we are in the process of building our Information Security team, the selected candidate will be among the first members, playing a key role in shaping its foundation. The ideal candidate will have extensive experience with SOC 2 compliance, including developing, implementing, and managing security policies and procedures in alignment with industry standards. This role will also involve collaborating with cross-functional teams to establish best practices and ensure that security controls are continuously monitored and improved.Responsibilities Maintain and Adapt Security Policies: Maintain, adapt, and enforce security policies and procedures in alignment with SOC 2 and GDPR standards. Implement necessary tools and processes for continuous compliance monitoring and enforcement. Ensure SOC 2 Compliance: Oversee SOC 2 compliance efforts using Drata, including managing evidence collection, control monitoring, and ensuring audit readiness. Oversee and Enhance AWS Security: Implement AWS security best practices, including Identity and Access Management (IAM), encryption, and monitoring via AWS tools such as CloudTrail and CloudWatch. Lead Incident Response: Manage security incident response processes, including detection, investigation, mitigation, and remediation of security threats. Oversee Vulnerability and Access Management: Conduct regular vulnerability assessments and manage access controls to ensure secure system configurations. Handle GDPR Compliance: Implement GDPR-compliant data protection measures, manage data subject requests, and handle breach notifications in compliance with regulatory requirements. Coordinate with Stakeholders: Collaborate with IT, development, and other cross-functional teams to implement security measures, and regularly communicate compliance and security status to senior management. Minimum Requirements A Bachelor's degree in Computer Science or a related field 5+ years of information security experience Extensive experience in managing SOC 2 and GDPR compliance for an organization. This includes hands-on experience with implementing and maintaining security controls, overseeing audits, and ensuring adherence to both SOC 2 and GDPR regulatory requirements Experience in using compliance automation platform Drata or other similar tools Proficiency in AWS services and best practices Strong understanding of security protocols, systems, and frameworks (e.g., ISO 27001, NIST, SOC2, GDPR). Fluent in English Bonus Points Relevant certifications (e.g., CISSP or CISM) Building and scaling Security teams from the ground up Benefits A salary above Spain-average for this position Flexible working hours Hybrid approach: choose which days you work from home or at the office 11€ per day meal allowance + food and snacks at the office (and paellas!) Private health Private pension (company doubles your savings) Best equipment: choose between Mac or Linux Frequent training, budget for conferences, OReilly subscription Access to Urban Sports International environment (over 25 nationalities), with 50% of our leaders being women, and almost 50% of our tech team too Working in a climate-tech startup, helping corporations to identify ESG risks
#J-18808-Ljbffr