HQ - GRC Lead

Jobandtalent

Jobandtalent

Madrid, Spain · Spain

Posted on May 20, 2026
Apply now

We are looking for a GRC Lead to own and scale our Governance, Risk, and Compliance function within a fast-growing product company. This is a key role responsible for ensuring compliance with SOX, ISO 27001, and GDPR, while enabling the business to move fast in a secure and controlled way.

You will act as the main driver of our compliance strategy, working cross-functionally with Engineering, Security, Legal, Finance, and Product teams.

What you will do

  • Own and lead the company’s GRC strategy across SOX, ISO 27001, and GDPR
  • Design, implement, and maintain SOX control frameworks, including documentation, testing, and audit readiness
  • Build and manage the Information Security Management System (ISMS) aligned with ISO 27001
  • Ensure GDPR compliance across all data processing activities, including data mapping, DPIAs, and privacy controls
  • Lead internal and external audits, acting as the primary point of contact for auditors
  • Identify compliance gaps and drive remediation plans with technical and non-technical teams
  • Develop governance policies, procedures, and risk management frameworks
  • Partner closely with Engineering and Security teams to embed controls into systems and SDLC processes
  • Monitor regulatory and compliance changes and translate them into actionable requirements

Requirements

  • 8+ years of experience in GRC, Risk, Compliance, or IT Audit roles
  • Strong hands-on experience with SOX compliance programs (design, testing, audit coordination)
  • Solid knowledge of ISO 27001 and experience managing or supporting ISMS implementation
  • Practical experience with GDPR in a product or corporate environment
  • Experience working with internal and external auditors
  • Strong stakeholder management and communication skills across technical and non-technical teams
  • Ability to translate regulatory requirements into scalable business processes
  • Fluent English

Nice to have

  • Experience in SaaS or product-led companies
  • Experience in Big 4 (Deloitte, EY, PwC, KPMG) or similar audit environments
  • Familiarity with cloud environments (AWS, GCP, Azure)
  • Security certifications (CISA, CISM, ISO 27001 Lead Implementer/Auditor)
#LI-ML3
Apply now
See more open positions at Jobandtalent