GRC Manager for Europe (Madrid)

The company: our customer is a Spanish multinational based in Madrid, that operates all over the world for more than 60 years and is one of the leading producers of food products. More than 12,000 employees and around 2.000 M€ revenue.

They will hire the selected candidate as an internal and permanent employee.


Purpose of the function:

As part of the Europe Cybersecurity area, the Manager of GRC for Europe supports the Europe CISO on the adaption and adoption of the Cybersecurity Strategy, Standards, Guidelines & Risk Appetite provided by the global area, as well as performs the Project & Vendor Management activities, ensures the Cybersecurity Follow-up, ensures the deployment of the Training & Awareness program within Europe and participates in the Audit Responses        


Key Responsibilities and tasks:

  • Cybersecurity Strategy, Standards & Risk Appetite
    • Apply the global strategy definition, adapt it to Europe and ensure its implementation, development, and compliance with the roadmap established by the global office within the region
    • Report to the Europe CISO and Global CISO Office the progress and status of the regional Cybersecurity strategy
    • Define, measure and monitor the cybersecurity indicators, following the Cybersecurity risk appetite statements defined by the global area and report the situation to the Europe CISO and the global area
  • Project & Vendor Management
    • Ensure the evolution/certification of the organization’s suppliers in cybersecurity
    • Manage and follow-up the outsourced services for Europe
    • Manage and control the portfolio of projects and activities in Cybersecurity for Europe
    • Identify and monitor the responsibilities (sponsor / responsible / client area / etc.) according to the global policies and guidelines
    • Report to the Europe CISO and the global office the project plans, budgets, schedules and risks
  • Cybersecurity Follow-up
    • Report to the Global CISO Office about the identification of risks assumed and their assessment
    • Measure and monitor the regional risks identified
    • Analyze the metrics for risks management defined by the Global CISO Office and report the situation to them and to the Europe CISO
    • Monitor the incidents of the region, being concerned about their criticality, and ensure that the region is correctly managing and communicating the relevant incidents until they are solved
    • Consolidate the incidents and monitor the regional view of the security status to the regional Top Management, Europe CISO and the global area
  • Training & Awareness
    • Apply and adapt the global strategic lines of the Training & Awareness in Europe. Ensure that it is updated on regular basis and that it reflects the latest security trends and threats
    • Ensure that the Training & Awareness plan is being followed in Europe by generating KPIs to control the execution and effectiveness
    • Provide administrative support in the development of Cybersecurity Training & Awareness materials and communications to ensure all employees, contractors, specific groups of staff (which may require other formation more specific, such as IT or Top Management) and outsourced service providers are aware of imminent threats
    • Evaluate the effectiveness of existing Information Security training, education, and awareness programs/activities and report the situation/background to the regional CISO and the global area
  • Monitoring & Audit Response Support
    • Liaison between internal/external auditors and internal stakeholders
    • Coordination of requests that apply to Europe
    • Follow up on the audit development
    • Report to regional Top Management and to the global area
    • Support on audit tasks and work with risk management to improve compliance
  • Cybersecurity Defense
    • Analyze, monitor and establish action plans of the reports provided by the global area of:
      • Threat Intelligence
      • Ethical Hacking
      • Threat Hunting
      • Security Monitoring
      • Vulnerability Management
      • Forensics
    • Establish an incident response process on scenarios of security incidents, setting the scaling process and report to the global area                                                                                                                                                                                                                           

Working Experience and knowledge:

  • 5+ years of multi-disciplinary Information Security and Information Technology experience
  • 3+ years of hands-on operational cybersecurity experience
  • 2+ years of cybersecurity leadership experience
  • Strong understanding of common best practices, frameworks and regulations (NIST 800-53, ISO 27001, CIS, etc.)
  • Experience in the management and coordination of cybersecurity audits
  • Detailed understanding of offensive cybersecurity tactics, techniques and procedures
  • Demonstrated experience in creating communication channels and operational processes with external stakeholders, including IT, Human Resources, Legal, Communications, and Employee Relations teams, to effectively manage incident response, insider threat or DLP violation scenarios
  • Demonstrated track record of efficient, scaled delivery with small teams, directly taking on and providing deliverables with limited resources, including standing up capabilities ground-up
  • Experience in vendor-related contract reviews and legal processes


Specific skills:

  • Excellent verbal communication skills
  • Excellent customer service attitude
  • Well-developed problem-solving skills
  • Strong communication skills (written and verbal) allowing them to communicate with both technical and non-technical audiences
  • Project management skills: financial/budget management, scheduling, and resource management
  • Exhibit excellent analytical skills, the ability to manage multiple, inter-disciplinary projects as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • Ability to support comprehensive RFPs, addressing all compliance and regulations-related issues
  • Availability to solve unexpected incidents or problems related to the job position


Personal Skills Requirements and Job Conditions

 Job location: Madrid, European nationality otherwise EU/Spain work permit required as a prerequisite.

Willing to travel when needed.

Education and Training:

  • Bachelor’s degree in Information Security, Computer Science, Management of Information Systems or related field.
  • Master’s degree in security/engineering, computer science or business information systems is preferred.
  • Vendor independent security certifications (e.g. CISA, CRISC, CISSP, CEH…)


Fluency in Spanish and English languages is essential.

Organizational position: Reporting to CISO (located in Madrid).

Employment Type: Permanent Full Time.

Salary: Depending on experience.

If you are interested, please apply here or send us an email to including in the subject: ‘Manager of GRC europe’ along with your CV in English.