GRC Senior Consultant (Cybersecurity)

We are looking for a GRC Senior Consultant, with experience in cibersecurity projects, working close to several clients. This role requires a professional capable of working independently, managing end-to-end engagements, conducting audits, and providing expert advisory across multiple security domains.

Main tasks and accountabilities will be:

Consulting & Advisory

• Lead consulting engagements across cybersecurity, risk management, and compliance domains.
• Advise clients on best practices, improvement strategies, and implementation approaches aligned with recognized standards.
• Translate regulatory and technical requirements into clear, actionable recommendations.

Audits & Compliance

• Independently conduct internal audits and GAP analyses aligned with: ISO 27001, ISO 22301, ISO 27701, NIST CSF 2.0, DORA, NIS2, ENS, and other frameworks.
• Identify non-conformities and provide structured remediation plans.
• Prepare client-ready audit reports, risk registers, and compliance roadmaps.

Risk Management

• Facilitate and execute risk assessments (AARR, BIAs) across business processes and information systems.
• Apply methodologies such as ISO 31000, Magerit v3, and COSO to evaluate and treat risks.
• Support clients in adopting formal risk management practices.

Cybersecurity Activities

• Review technical assessments to identify vulnerabilities and recommend mitigation strategies.
• Support cybersecurity initiatives including control implementation, incident response planning, and awareness programs.
• Validate security controls and document evidence of compliance.

Client Interaction & Communication

• Serve as a primary point of contact for clients throughout engagements.
• Communicate technical requirements, project progress, findings, and recommendations clearly and effectively.
• Deliver presentations, training sessions, and executive briefings tailored to diverse audiences.

Documentation & Policy Development

• Develop and maintain client documentation including policies, procedures, standards, and process guides.
• Ensure high-quality, audit-ready documentation for all consulting deliverables.
• Coordinate evidence collection efforts across client teams during audit and compliance activities.
• Collaborate with the rest of the team to improve the existing templates of documents or create new ones.

4+ years of experience in cybersecurity consulting, audits, compliance, or risk management.

• Expertise and/or certification in ISO 27001 and ENS (mandatory).
• Working knowledge of international standards such as: ISO 22301, ISO 27701, ISO 27005, ISO 42001, NIST CSF 2.0, SOC 2, GDPR, DORA, NIS2, CMMC 2.0.
• Strong proficiency in risk assessment methodologies (ISO 31000, Magerit v3, COSO).
• Experience in business and service continuity management.
• Bachelor´s degree in Computer Engineering, Telecommunications, or a related field; Master´s in Cybersecurity preferred.
• Good english level (C1) you will be working with international teams.

Desired Certifications:

• ISO 27001 Lead Auditor / Lead Implementer
• CISM / CISSP / CISA

What can we offer?

• 23 days of Annual Leave plus the 24th and 31st of December as discretionary days!
• Numerous benefits (Health Care Plan, teleworking compensation, Life and Accident Insurances).
• `Retribución Flexible´ Program: (Meals, Kinder Garden, Transport, online English lessons, Health Care Plan...)
• Free access to several training platforms
• Professional stability and career plans
• UST also, compensates referrals from which you could benefit when you refer professionals.
• The option to pick between 12 or 14 payments along the year.
• Real Work Life Balance measures (flexibility, WFH or remote work policy, compacted hours during summertime...)
• UST Club Platform discounts and gym Access discounts

More in details, UST is a multinational company based in North America, certified as a Top Employer and Great Place to Work company with over 35.000 employees all over the world and presence in more than 35 countries. We are leaders on digital technology services, and we provide large-scale technologic solutions to big companies., Nunca debes compartir tus datos bancarios ni fotos de tus documentos al solicitar un empleo. Si tienes alguna duda sobre un proceso de selección En esta oferta serás redirigido a la pagina web de la empresa. Completa el formulario en su web. Datos principales de la oferta * 100% En remoto * Ciberseguridad Funciones * Jornada completa Jornada * 3-5 años Experiencia * Indefinido