Senior Information Security Manager (Fintech)

TL;DR

Senior Information Security Manager (Fintech): Spearheading global governance, risk, and compliance initiatives with an accent on ISMS architecture and regulatory alignment. Focus on maturing the risk management lifecycle, leading external audits, and implementing automated GRC platforms.

Location: Hybrid: 4 days in the office (Madrid), 1 day working from home per week

Company

A fast-growing fintech scale-up providing integrated business accounts, hedging, and financing solutions to help businesses scale globally.

What you will do

• Design and mature the global GRC framework aligned with ISO 27001, NIST, GDPR, and DORA.
• Own the risk assessment process, focusing on quantification and communication of risk to business stakeholders.
• Lead external audits as the primary liaison and oversee the remediation of findings.
• Mature the Third-Party Risk Management (TPRM) program and define vendor security standards.
• Monitor the fintech regulatory landscape (EU AI Act, NIS2) to design compliance roadmaps.
• Lead the selection and implementation of automated GRC platforms.

Requirements

• 5+ years of experience in Information Security, GRC, or Risk Management roles.
• Deep knowledge of standards and regulations including ISO 27001, SOC 2, GDPR, FCA/DORA, and NIST.
• Proven experience implementing risk management processes and security metrics.
• Experience working with financial regulators and conducting regulatory audits.
• Industry certifications such as CISSP, CRISC, CISA, or ISO 27001 Lead Implementer/Auditor.
• Must be based in or able to work from the Madrid office on a hybrid basis.

Culture & Benefits

• Competitive starting salary with an annual discretionary performance bonus.
• Dedicated mentorship from experienced managers.
• Clear and accelerated career progression pathways to leadership roles.
• Generous benefits package including healthcare and social benefits.
• Collaborative environment in a central Madrid office with excellent transport links.