At Hays, we're collaborating with a global leader in digital automation and AI‐powered operational transformation, operating across multiple countries and serving large enterprise customers. They specialise in end‐to‐end digital process optimization, including complex, technology‐driven environments in which information governance, compliance, and risk management are mission‐critical.
We're looking for an IS Compliance & Risk Management Consultant responsible for governing and continuously improving the company's Information Security compliance framework and IS risk management practices.
You will be part of a growing governance team responsible for ensuring security controls, risk mitigation activities, ISO 27001 & NIS2 compliance, and audit readiness across several business units, acting as a bridge between high‐level governance requirements and practical implementation across IT functions.
Required Skills & Experience
* 6+ years of experience in Information Security, IT Audit, or IT Risk Management, with a focus on governance, risk, and compliance.
* Strong practical knowledge of ISO 27001 (implementation, management, or auditing).
* Strong understanding of NIS2 or comparable regulatory frameworks.
* Advanced level of English (fluency).
* Experience engaging with senior IT stakeholders and cross‐functional teams.
* Strong analytical mindset, autonomy, and clear communication skills.
* Experience in M&A security assessments is a plus.
* ISO 27001 Lead Implementer/Auditor certification is highly valued.
* CISM, CISSP, or comparable certification is highly valued.
Key Responsibilities
* Own and maintain the Group-wide ISMS framework aligned to ISO 27001
* Define and maintain security policies, standards, and control requirements
* Ensure applicability and rollout across all legal entities and portfolio companies
* Prepare and coordinate internal and external audits
* Monitor regulatory requirements and translate them into actionable controls
* Lead NIS2 compliance readiness and evidence structure
* Act as central contact for auditors and regulatory inquiries
* Ensure documentation and evidence structures are audit-ready
* Establish and operate the Group-wide IS risk management process and maintain the central IS risk register
* Facilitate risk assessments with business, IT, and portfolio companies
* Ensure management visibility of key IS risks and mitigation status
* Integrate IS risks into enterprise risk management
* Define minimum IS control baseline for all entities
* Conduct IS compliance and risk reviews for portfolio companies
* Support M&A security assessments and post-merger governance integration
* Define and maintain IS compliance and risk KPIs
* Provide regular reporting to executive management
* Enable risk-based decision making through structured reporting
* Support management and key roles in understanding their security responsibilities
* Provide guidance on control implementation without owning operations
What we offer
* Full-time opportunity with a Perm/Freelancer contract.
* Flexibility to work 100% remotely or hybrid in one of the offices in Madrid, Barcelona, Córdoba or Coruña.
* Chance to work in a high‐impact global technology environment, driving governance and security maturity.
* Exposure to advanced automation, AI‐driven processes, and highly scalable digital platforms.
If you are interested and want to contribute to a modern, innovation‐driven global organisation, please apply to this offer with your CV, so we can contact you for more information.