Enterprise Cybersecurity Risk Management: Continuously identify, log, and analyze control nonconformities and unresolved/high-risk vulnerabilities across different sources. Maintain the Risk Registry and deliver timely risk treatment updates and reports to stakeholders.
Third-party Cybersecurity Risk Assessments: Executed annually, ensuring alignment with internal risk standards and external compliance requirements.
Cybersecurity Controls Management: Maintain and enhance the cybersecurity control framework by mapping existing controls, collecting evidence of execution, identifying gaps or nonconformities, and aligning overlapping requirements under a unified structure. Ensure adherence to frameworks such as HITRUST, HIPAA, and Spain's ENS certification.
Policies and Procedures Development: Create and maintain cybersecurity-related policies and procedures. Ensure documentation complies with regulatory and contractual standards.
Requirements
Advanced English for communication with international clients.
Excellent communication skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
Strong analytical and problem-solving skills, with the ability to make informed decisions in high-pressure situations.
Conduct cybersecurity risk assessments, identify potential vulnerabilities, and recommend strategies to mitigate risks.
Collaborate with cross-functional teams to ensure that GRC policies, procedures, and controls are effectively communicated and implemented.
Lead efforts to maintain and update documentation related to GRC processes, including risk assessments, policies, and procedures.
Participate in internal and external audits, providing support and documentation as needed to demonstrate compliance.
Strong understanding of GRC frameworks, industry standards, and regulatory requirements.
Excellent analytical skills, attention to detail, and the ability to work independently and in cross-functional teams.