
Chief Information Security Officer (CISO) / Head of Security

WIBX

Barcelona

On-site

EUR 100.000 - 150.000

Full-time

12 days ago

Vacancy description

A leading cybersecurity company is looking for a Chief Information Security Officer (CISO) to direct its global strategy, ensure the protection of critical assets, and coordinate cybersecurity certifications across its subsidiaries. The ideal candidate has more than 10 years of experience in the field and will be responsible for establishing policies and carrying out risk assessments while strengthening the security culture in the organization.

Background

  • 10+ years in information security.
  • Experience in security governance and regulatory compliance.
  • Advanced knowledge of IT infrastructure.

Responsibilities

  • Development and maintenance of the cybersecurity strategy.
  • Assessment and mitigation of cybersecurity risks.
  • Building and leading a Security Operations Center.

Skills

Risk management
Security governance
Incident response
Crisis management
Communication

Education

Master's degree in Computer Science, Cybersecurity, or a related field

Tools

ISO 27001
NIST
CIS Controls
OWASP

Job description

We are seeking a highly experienced and strategic Chief Information Security Officer (CISO) to lead and oversee the organization’s global cybersecurity strategy, policies, and governance. The CISO will play a pivotal role in protecting the company's critical assets, including information systems, networks, intellectual property, and data across all business units and subsidiaries.

This executive position will also be responsible for coordinating the certification and compliance efforts of the company's subsidiaries, ensuring alignment with group-wide cybersecurity standards and regulatory requirements.

Key Responsibilities

Cybersecurity Strategy & Governance

  • Develop, implement, and maintain a comprehensive cybersecurity strategy aligned with business objectives and risk appetite.
  • Maintain the Information Security Management System (ISMS) for the group.
  • Establish policies, standards, and frameworks to continuously improve the company’s security posture.

Risk Management & Asset Protection

  • Identify, evaluate, and mitigate cybersecurity risks across the organization and its subsidiaries.
  • Conduct regular security risk assessments and penetration testing to protect systems and data.
  • Lead efforts to secure critical infrastructure, proprietary data, and operational technologies.

Subsidiary Certification & Alignment

  • Coordinate and oversee the cybersecurity certification processes (e.g., ISO 27001, NIS2, DORA) across all subsidiaries.
  • Support local Managers to ensure harmonization of security standards across the group.
  • Monitor subsidiary compliance with group policies, legal and regulatory frameworks.

Incident Response & Threat Management

  • Build and lead a Security Operations Center (SOC) and incident response team.
  • Build and lead a Vulnerability Operations Center (VOC).
  • Drive Cyber Crisis Simulation Exercise.
  • Develop and execute incident response plans and forensics capabilities.
  • Stay up to date with emerging threats, vulnerabilities, and regulatory changes.

Awareness, Training & Culture

  • Promote a strong security culture within the organization.
  • Define and implement security awareness training programs for all employees.
  • Serve as the internal advocate for security best practices.

Stakeholder Communication & Reporting

  • Report regularly to executive leadership and the Board of Directors on cybersecurity risks, incidents, and compliance status.
  • Act as the key contact for external auditors, regulators, and partners regarding information security matters.

Job requirements

Education

  • Master's degree in Computer Science, Cybersecurity, or related field.

  • Relevant certifications preferred: CISSP, CISM, CISA, ISO 27001, SANS/GIAC.

Experience

  • 10+ years in information security.

  • Proven experience in security governance, risk management, and regulatory compliance (e.g., ISO 27001, GDPR, NIS2).

  • Strong background in IT infrastructure.

Skills

  • Deep knowledge of threat landscapes, incident response, and mitigation strategies.

  • Familiarity with security frameworks: ISO 27001, NIST, CIS Controls, OWASP.

  • Capable of leading security audits, penetration tests, BCP/DRP, and compliance assessments.

  • Understanding of legal and regulatory cybersecurity issues.

Soft Skills & Leadership

  • Strong leadership and team management skills.

  • Excellent communicator, able to engage both technical teams and executive leadership.

  • Strategic thinker, able to align security vision with business goals.

  • Analytical mindset, crisis management, and prioritization skills.

Languages

  • Professional English (spoken and written) required for international communication.

Other job details

Location: Spain or France

Department: TBD

Employment Type: Full-time

Reports to: TBD
