Information & Cyber Security Manager_GRC
Spain, Vizcaya
36 days ago


The Information & Cyber Security Manager GRC (Governance, Risk and Compliance) is responsible for establishing and maintaining SGRE's overall IT risk & compliance management program.

The individual in this position is responsible for identifying, evaluating and reporting on IT & information security risks in a manner that meets SGRE's regulatory and other compliance requirements.

Works proactively with the various business units and other internal departments and external organizations to implement practices that meet SGRE's defined policies and standards for information risk management.

Is responsible for IT-related risk & compliance assessment and identification activities over the company's IT systems and information assets and for its IT-dependent strategic business objectives.


Member of the Information & Cyber Security group (IT CYB), will report directly to the Head of the area.

Will manage a team of Information & Security Professionals

Contacts (internal and external)

  • Internal Audit
Areas of responsibility / Tasks

  • Manage all the risk & compliance-related activities of SGRE’s IT organization, including budgeting, planning, testing, reporting and recommending appropriate remediation measures.
  • Manage oversight and monitoring of risk mitigation and coordination of policy and controls to ensure that other managers are taking effective remediation steps.
  • Create, disseminate and (as required) update documentation of SGRE’s matrix of identified IT risks and controls. Act as risk & compliance management liaison with all levels of the IT organization and with the lines of business and other internal departments and organizations.

  • Benchmark the risk management practices of other companies, particularly those in related industries or with similar business models; maintain an up-to-date understanding of industry best practices; and monitor the legal and regulatory environment for developments that could require changes to SGRE’s established IT policies and practices.

  • Design, support and conduct risk assessments for information and IT assets, IT processes and IT-related third parties. Coordinate information security and IT risk management projects with personnel from the IT organization, lines of business, and other internal departments and organizations.
  • Review risk assessments, analyze the effectiveness of SGRE's IT control activities and report on them with actionable recommendations to the required stakeholders.

  • Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.

  • Manage a staff of information security professionals, train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.
  • Develop a strong working relationship within the GRC team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Competencies

  • In-depth understanding of strategic business risks. Ability to develop a comprehensive understanding of SGRE's business, market and industry and relate that knowledge to identified operations- and IT-related risks. Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes.

  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel;
  • in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls;
  • an excellent understanding of information security concepts, protocols, industry best practices and strategies.

  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
Essentials (Today and in future)

    Professional :

  • A minimum of six years of IT and information & cyber security related experience and at least two years in a supervisory capacity
  • A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information & cyber security is preferred
  • Tertiary qualifications in information or IT security, or industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalents in relation to the position (e.g. CRISC, CGEIT, CISA, ...)

  • Language skills : English fluent (spoken, written) and Spanish as a minimum
    Project / Process :

  • Strong multi-project management, time management and organizational skills
  • Proven ability to build relationships and influence individuals at all levels in a matrixed environment, as well as external vendors and service providers, to ensure that segregation and overlapping roles are identified and coordinated
    Leadership :

  • Strong intellectual and analytical skills, able to sort complex data
  • Systematic, structured and goal oriented work style
  • Excellent written and oral communication ability
    Intercultural :

  • Proficient in working in a fast-paced, complex, dynamic, multicultural business environment
Additional Requirements

  • Unquestionable integrity, objectivity, and independence.
  • Driving licence and own vehicle
  • Location in Zamudio
  • Open to international travel