Cybersecurity & Compliance Officer / GRC Specialist

Legrand Care
Municipality of Majadahonda, Spain
21 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English, Spanish
Experience level
Intermediate

Job location

Municipality of Majadahonda, Spain

Tech stack

Cloud Computing
Computer Security
Data Processing

Job description

To autonomously and continuously ensure compliance with cybersecurity, compliance, and data protection frameworks within the organization. The role acts as an operational and technical counterpart to the responsible Cybersecurity, Compliance and DPO function, ensuring that documentation, contracts, action plans, and certifications are kept up to date, traceable, and audit-ready at all times.

Governance, Risk and Compliance (GRC)

  • Manage and maintain compliance documentation related to ENS, ISO/IEC 27001 and GDPR / LOPDGDD
  • Prepare and maintain audit evidence for internal and external audits
  • Proactively propose improvements to compliance processes and controls

Operational Follow-up and Coordination

  • Independently track and follow up on cybersecurity and compliance action plans
  • Coordinate with IT, product, operations, legal and external providers
  • Identify deviations, assess risks and escalate when required with justified recommendations

Data Protection

  • End-to-end management of data protection agreements with clients and suppliers
  • Tracking of signatures, validity and updates of data processing agreements
  • Perform Data Protection Impact Assessments (DPIA) autonomously
  • Provide operational support to the DPO for internal data protection matters

Regulatory Monitoring & Certifications

  • Ongoing monitoring of regulatory developments in cybersecurity and compliance
  • Assess regulatory impact on the organization and support implementation planning
  • Support maintenance of existing certifications and preparation for future ones in due

Requirements

  • Do you have experience in Compliance management?
  • Experience or strong knowledge of NIS2, Data Act and Cyber Resilience Act (CRA)

  • Additional standards such as ISO 27701 or ISO 22301
  • Experience in Cloud, IoT, healthcare or telecare environments

Required Experience and Skills

  • Minimum 3-5 years of proven experience in GRC, compliance, information security, or data protection
  • Hands-on experience with ENS and ISO/IEC 27001 in regulated or certified environments
  • Solid understanding and practical application of GDPR in B2B environments as data processor
  • High level of autonomy and organisational skills
  • Strong attention to detail and documental rigor
  • Ability to communicate clearly with both technical and non-technical stakeholders
  • Proactive, continuous-compliance mindset
  • Spanish: fluent or native
  • English: fluent (mandatory), including ability to work with regulatory texts, audits and documentation in English
  • Have you worked hands-on with ISO/IEC 27001 and/or ENS in a regulated or certified environment?
  • Do you have practical experience applying GDPR in a B2B context (as data processor), including DPAs and DPIAs?
  • Are you able to work autonomously, owning compliance documentation, action plans and audit readiness end-to-end?

Experience:

  • GRC, cybersecurity, compliance or data protection?: 3 years (Required)

Language:

  • English and Spanish (Required)

Benefits & conditions

*Compensation will be defined based on experience and qualifications and discussed at interview stage.

Job Type: Full-time

Pay: From 1.00€ per year