Senior Security Consultant

Role Overview

• Define, implement and monitor corporate information security strategies, objectives and governance frameworks.
• Design and implement information security management systems and security master plans.
• Lead risk management activities, including risk identification, assessment, treatment and reporting.
• Define cybersecurity action plans and oversee their execution.
• Ensure the protection of services, business processes and information assets.
• Oversee security monitoring, incident investigation and response activities, including coordination of disciplinary or legal actions where required.
• Manage and coordinate independent security audits and remediation follow-up activities.
• Drive continuous improvement by monitoring security performance, reporting on security posture and defining corrective actions.
• Develop and manage dashboards and metrics for operational security reporting.
• Support business continuity by performing business impact analyses and defining continuity and testing plans.
• Implement and maintain information security controls aligned with applicable laws, regulations, standards and best practices, including ISO 27001/27002, GDPR, Cyber Assessment Framework (CAF) and NIST CSF.
• Develop and maintain information security policies, standards and procedures, ensuring organisational compliance.
• Define, coordinate and assess the implementation of specific security controls for new systems and services.
• Manage supplier and third-party security, including supply chain security considerations.
• Deliver security awareness and training initiatives to promote a strong security culture across the organisation.

Requirements

• Minimum of 8 years’ experience in information security governance, management and operations, including the delivery of security projects in large and complex organisations.
• Bachelor’s or Master’s degree in Computer Engineering, Telecommunications Engineering or a related discipline.
• At least two of the following certifications: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, ISO 22301 Lead Auditor, CEH, CCSP or SSCP.
• Willingness to travel when required.
• Experience in the design and implementation of other management systems, such as ISO 27701, ISO 22301, ISO 20000, ISO 9001 and ISO 14001.
• Knowledge of security in cloud environments, artificial intelligence, industrial control systems (ICS), operational technology (OT) and the Internet of Things (IoT).
• Knowledge of physical security principles and controls.
• Experience with GRC tools such as ARCHER, GlobalSuite or similar platforms.
• Experience performing compliance and certification audits, including ISO 27001 and GDPR.
• Hands-on exposure to technical security solutions and controls.
• Knowledge of sector-specific regulatory and security frameworks in areas such as banking, energy, telecommunications and media, industrial protection, and critical infrastructure protection.
• Knowledge of SOC operations, digital forensics and fraud management.
• Experience with GRC / IRM platforms and the automation of security and compliance processes.
• Additional security certifications such as CGEIT, C|CISO, QSA, CDPP, or Security Director certification issued by the Spanish Ministry of the Interior.
• Strong analytical and problem-solving skills.
• Collaborative mindset and ability to work effectively in multidisciplinary teams.
• Capacity for continuous learning, innovation and adaptation.
• Proactive approach with a strong sense of ownership and initiative.
• High level of integrity, accountability, commitment and professional confidence.
• Strong customer focus and results orientation.

Tech Stack

• Cloud
• Cyber Security
• IoT

Benefits

• Holidays: 25 days per annum + 8 days bank holidays (options to buy/sell days).
• Pension – 4% employee and 4% employer.
• Private medical insurance (including dental & optical).
• Life assurance.
• Income protection.
• Employee assistance programs.
• Flexible/remote working options.
• Charitable initiatives.
• Social events (formal & informal).
• Learning and development programs.
• Innovative & collaborative work environment.