GRC Security Analyst (Information Security)

TL;DR

GRC Security Analyst (Cybersecurity): Managing governance, risk, and compliance operations for a global Atlassian app provider with an accent on risk management, audit support, and vendor reviews. Focus on ensuring compliance with ISO 27001 and SOC2, executing remediation plans, and facilitating security governance goals.

Location: Fully remote within Spain, with the option to work from the Bilbao office

Company

The largest global provider of award-winning Atlassian apps with a remote-first culture.

What you will do

• Coordinate and facilitate security governance goals and initiatives.
• Support sales channels regarding prospect and customer security questions, assessments, and audits.
• Conduct vendor risk management assessments and follow up on associated findings.
• Provide support for regulatory and compliance initiatives including ISO 27001, SOC2, and GDPR.
• Identify, document, and track security policy non-conformities and corrective action plans.
• Monitor business continuity (BC) and disaster recovery (DR) testing.

Requirements

• Bachelor’s Degree in Computer Science, Information Security, Engineering, or equivalent experience.
• 2+ years of experience working in information security risk and/or compliance roles.
• Knowledge of common Information Security frameworks such as CIS, ISO 27001, and SOC 2.
• Must be based in Spain.

Nice to have

• Experience with cloud-based security tools and controls (AWS, Azure, GCP, Heroku).
• CISA, CISSP, or similar security/GRC focused certifications.

Culture & Benefits

• Company equity for all team members.
• 25 days of annual leave, reduced summer hours, and flexible bank holidays.
• Private health insurance fully covered by the company.
• €400 gross annual sport allowance and €50 monthly home office support.
• 3 fully paid volunteering days per year through the CSR program.