Senior Information Security Manager

Senior Information Security Manager

Ebury Madrid Office - Hybrid: 4 days in the office, 1 day working from home per week

Ebury is seeking a high-caliber Information Security & GRC Manager to spearhead our global governance, risk, and compliance initiatives. This role is for a seasoned professional who thrives on owning programs rather than just executing tasks. You will act as the primary architect of our security frameworks, ensuring our ISMS is audit-ready and serves as a strategic enabler for Ebury’s global expansion. You will be the bridge between technical security requirements and business risk, providing expert guidance on complex regulatory landscapes.

This is an pportunity to be a strategic part of an experienced infosec team at a high-growth fintech scale-up.

What you’ll do

Governance & Compliance (BAU)

GRC Strategy & Architecture: Design, implement, and mature our global GRC framework, collaborating with other teams to align it with ISO 27001, NIST, GDPR, and DORA.

• Risk Management Lifecycle: Own the risk assessment process - you will lead the quantification and communication of risk to business stakeholders to drive informed decision-making.
• Audit Ownership: Lead and manage external audits as the primary liaison. This includes overseeing the remediation of findings and ensuring we remain continuously compliant across multiple jurisdictions.
• TPRM Leadership: Mature our Third-Party Risk Management program. You will define the standards for vendor security and ensure high-impact partners meet Ebury’s rigorous risk appetite.
• Regulatory Horizon Scanning: Proactively monitor the evolving fintech regulatory landscape (e.g., EU AI Act, NIS2, regional cyber laws) and design the roadmaps to ensure Ebury remains ahead of the curve.

Strategic Projects & Process Maturation

• GRC Automation: Lead the selection and full-scale implementation of automated GRC platforms to establish automation and robustness in GRC operations.
• Strategic Advisory: Act as a high-level consultant for new product launches and international expansions, ensuring "Security by Design" is baked into strategic business move.
• Cultural Leadership: Design and champion advanced security awareness programs that focus on shifting organizational behavior through metrics-driven insights.

What you’ll need

• 5+ years of experience in Information Security, GRC, or Risk Management roles
• Strong knowledge of information security standards and regulations (ISO 27001, SOC 2, GDPR, FCA/DORA, NIST, etc.).
• Analytical skills: Ability to assess a "Security Exception" , experience with regulatory audits and working with financial regulators.
• Hands-on experience implementing risk management processes, control frameworks, and security metrics. Familiarity with GRC or risk platforms (e.g. OneTrust).
• Team player with exceptional communication and stakeholder management skills.
• Industry certifications such as CISSP, CRISC, CISA, or ISO 27001. Lead Implementer/Auditor are preferred.

Why Ebury?

• Competitive Starting Salary with an annual discretionary bonus that truly rewards your performance from day one.
• Dedicated Mentorship: Learn directly from experienced managers who are invested in your success.
• Cutting-Edge Technology: Leverage state-of-the-art tailor made tools and systems that enable you to perform at your best.
• Clear, Accelerated Career Progression: Defined pathways to leadership and specialist roles within Ebury.
• Dynamic & Supportive Culture: Work in a collaborative environment where teamwork and personal growth are prioritized.
• Generous Benefits Package: Access competitive benefits tailored to your location, which typically include health care and social benefits.
• Central Madrid Office: A fantastic location with excellent transport links.

Ready to launch your career with a global FinTech? Click the ‘Apply’ Today and discover your potential at Ebury!

You can also connect with me on LinkedIn  - Fabienne Zigrit

 

 

#LI-FZ1

#LI-HYBRID