IT Risk Manager Analyst – Compliance & Controls

N-iX

Job Location:

Madrid - Spain

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

N-iX is a global software development company founded in 2002, connecting over 2400 tech professionals across 40 countries. We deliver innovative technology solutions in cloud computing, data analytics, AI, embedded software, IoT, and more to global industry leaders and Fortune 500 companies. Join us to create technology that drives real change for businesses and people across the world.

Our customer is a worldwide leader in vehicle repair and insurance claims management, employing over 3000 professionals across 40 countries. The company provides comprehensive, cutting-edge solutions that simplify repair and claims processes, delivering efficient and equitable outcomes for all stakeholders.

About the Role

The IT Governance IRM Analyst is responsible for operationalizing the Information Security Risk Management (IRM) framework across the group. This role focuses on the practical implementation of ISO 27001 controls, ensuring that all IT assets are correctly scoped, classified, and protected according to their risk profile. The role acts as a guardian of compliance, bridging the gap between high-level corporate rules and the technical implementation of security controls, ensuring the organization remains

Responsibilities:

Information Risk Assessment (IRM)

  • Conduct systematic Risk Assessments to identify, analyze, and evaluate threats to digital assets.
  • Ensure all risk management activities align with the client's IRM Framework.
  • Document risk treatment plans and follow up on the implementation of mitigating actions.

ISO 27001 Controls monitoring

  • Support the rollout and maintenance of Information Security controls based on ISO 27001 and Corporate Rules.
  • Collaborate with IT teams to ensure controls (technical and organizational) are implemented effectively.
  • Monitor the effectiveness of the control environment and suggest remediations for identified gaps.
  • Collect evidence (design / effectiveness) when needed.

Scoping & Asset Classification

  • Support the identification and scoping of Information Assets within the group's entities.
  • Ensure that all assets are accurately classified based on Confidentiality, Integrity, and Availability (CIA) standards.
  • Maintain the link between the Asset Inventory (Information Domain Model) and its security requirements.

Audit readiness

  • Act as a key point of contact for the IT Risk Function during internal and external audits.
  • Ensure evidence of control execution is collected and stored in an auditable manner.
  • Track compliance with Corporate Rules across different Portfolio Companies.
  • Report on the status of control implementation and risk mitigation plans.

Interfaces

  • Application Owners
  • Group CIO
  • Group Head of IT Governance
  • Group Head of IRM
  • Global Head of Architecture
  • Group CISO / Information Security
  • IT governance team
  • IT leadership across entities
  • Risk Management / Internal Audit
  • Internal / External auditors and assessors

Requirements:

  • Experience performing IT Risk Assessments in complex environments.
  • 35 years of experience in Information Security, IT Audit, or IT Compliance.
  • Hands-on experience with ISO 27001 (implementation, management, or auditing).
  • Familiarity with international security standards, regulatory requirements (e.g. NIS2, GDPR), and industry best practices for IT Risk Management.
  • Strong understanding of Risk Management methodologies (e.g. ISO 31000, ISO 27005).
  • Knowledge of the ISO 27001:2022 control set (Annex A).
  • Ability to interpret Corporate Rules and translate them into actionable risk management tasks.
  • Experience with GRC (Governance, Risk, and Compliance) software tools is a plus (Archer, others).
  • Advanced Spanish and English language level.

Personal Skills

  • Strong analytical and structuring skills
  • Ability to work with senior stakeholders
  • High level of autonomy and ownership
  • Pragmatic and solution-oriented mindset
  • Degree in IT, Information Security, or related field
  • ISO 27001 Lead Implementer or Lead Auditor training is a plus



We offer*:

  • Flexible working format - remote, office-based, or flexible
  • A competitive salary and good compensation package
  • Personalized career growth
  • Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
  • Active tech communities with regular knowledge sharing
  • Education reimbursement
  • Memorable anniversary presents
  • Corporate events and team buildings
  • Other location-specific benefits

*not applicable for freelancers


Required Experience:

Manager

Key Skills

  • ISO 27001
  • Microsoft Access
  • Risk Management
  • Financial Services
  • PCI
  • Risk Analysis
  • Analysis Skills
  • COBIT
  • NIST Standards
  • SOX
  • Information Security
  • Data Analysis Skills

About Company

N-iX is a global software development company that helps the world’s leading organizations achieve lasting business value using advanced technology.