Senior Information Security Manager
Ebury is seeking a high‑caliber Information Security & GRC Manager to spearhead our global governance, risk, and compliance initiatives. This role is for a seasoned professional who thrives on owning programs rather than just executing tasks. You will act as the primary architect of our security frameworks, ensuring our ISMS is audit‑ready and serves as a strategic enabler for Ebury's global expansion. You will be the bridge between technical security requirements and business risk, providing expert guidance on complex regulatory landscapes.
Ebury Madrid Office - Hybrid: 4 days in the office, 1 day working from home per week
What you'll do
Governance & Compliance (BAU)
GRC Strategy & Architecture
- Risk Management Lifecycle: Own the risk assessment process - lead quantification and communication of risk to business stakeholders to drive informed decision‑making.
- Audit Ownership: Lead and manage external audits as the primary liaison, overseeing remediation of findings and ensuring continuous compliance across multiple jurisdictions.
- TPRM Leadership: Mature our Third‑Party Risk Management program; define vendor security standards and ensure high‑impact partners meet Ebury's rigorous risk appetite.
- Regulatory Horizon Scanning: Proactively monitor the evolving fintech regulatory landscape (e.g., EU AI Act, NIS2, regional cyber laws) and design roadmaps to keep Ebury ahead of the curve.
Strategic Projects & Process Maturation
- GRC Automation: Lead selection and full‑scale implementation of automated GRC platforms to establish automation and robustness in GRC operations.
- Strategic Advisory: Act as a high‑level consultant for new product launches and international expansions, ensuring "Security by Design" is baked into strategic business moves.
- Cultural Leadership: Design and champion advanced security awareness programs that shift organizational behavior through metrics‑driven insights.
What you'll need
- 5+ years of experience in Information Security, GRC, or Risk Management roles.
- Strong knowledge of information security standards and regulations (ISO 27001, SOC 2, GDPR, FCA/DORA, NIST, etc.).
- Analytical skills; ability to assess a "Security Exception", experience with regulatory audits, and working with financial regulators.
- Hands‑on experience implementing risk management processes, control frameworks, and security metrics. Familiarity with GRC or risk platforms (e.g., OneTrust).
- Team player with exceptional communication and stakeholder management skills.
- Industry certifications such as CISSP, CRISC, CISA, or ISO 27001 Lead Implementer/Auditor preferred.
Why Ebury?
- Competitive Starting Salary with an annual discretionary bonus that truly rewards your performance from day one.
- Dedicated Mentorship: Learn directly from experienced managers who are invested in your success.
- Cutting‑Edge Technology: Leverage state‑of‑the‑art tailor‑made tools and systems that enable you to perform at your best.
- Clear, Accelerated Career Progression: Defined pathways to leadership and specialist roles within Ebury.
- Dynamic & Supportive Culture: Work in a collaborative environment where teamwork and personal growth are prioritized.
- Generous Benefits Package: Access competitive benefits tailored to your location, typically including health care and social benefits.
- Central Madrid Office: A fantastic location with excellent transport links.
We believe in inclusion. We stand against discrimination in all forms and against intolerance of the differences that make us a modern and successful organisation.