Information Security Manager (Part-time / Full-time – 20h/40h)
The information below details the requirements of the position, the experience expected of the candidate, and the corresponding qualifications.
Location: Spain (Hybrid / Remote)
About Nebeus
Nebeus is an all-in-one app that effortlessly merges multi-currency payments, virtual IBANs, cryptocurrency services, and cutting-edge cards, empowering users globally to navigate their dynamic work lifestyles. Nebeus' vision is rooted in financial inclusivity, where everyone, regardless of location, can securely and simply manage their finances while monetizing their skills and talents.
Key facts
* Founded in 2014, backed by ex-VC executives, Seedrs, and the UK government's Future Fund
* Nebeus is a multi-cultural and international team spread across London and Barcelona
Role Mission
The Information Security Manager will be responsible for defining, implementing, and maintaining the company's information security framework and ICT risk management strategy.
This role ensures the protection of digital assets and compliance with applicable regulations, working closely with IT, Compliance, and external partners where necessary.
This position is designed for an autonomous, hands-on professional who will lead the information security function while coordinating with cross-functional teams and leveraging external providers when required.
Key Responsibilities
* Define, implement, and maintain information security policies, procedures, and controls
* Conduct ICT risk assessments and develop mitigation plans
* Ensure compliance with applicable regulations and frameworks (e.g. DORA, ISO 27001, ENS)
* Coordinate internal and external security audits
* Oversee access management, backups, and core cybersecurity controls
* Lead and coordinate the response to security incidents
* Assess and manage third-party and vendor risks
* Promote a strong security culture through internal training and awareness initiatives
* Collaborate closely with IT, Compliance, and the DPO
* Chair the ICT Committee and report regularly to the Board and ExCo on the Group's security posture and key risks
* Own and maintain the Group's ICT risk register, ensuring alignment with the broader enterprise risk management framework
* Oversee security architecture decisions across cloud infrastructure, applications, and third-party integrations
* Manage regulatory reporting obligations related to ICT incidents
* Oversee the Group's Business Continuity Plan (BCP) and Disaster Recovery (DR) programmes
* Own and maintain the incident response framework
Requirements
* 2–5 years of experience in Information Security, Cybersecurity, or IT Risk
* Practical knowledge of security frameworks such as ISO 27001, ENS, or equivalent
* Experience working in regulated environments
* Ability to work independently with a structured and proactive approach
* Strong business-oriented mindset with a pragmatic approach to problem-solving
* Excellent communication skills and ability to work cross-functionally
* Fluency in English and Spanish
What We Offer
* A shorter work day on Fridays
* Health insurance package
* A brand new MacBook
* Refund of training courses relevant to your career and role at Nebeus