Cybersecurity Governance, Risk & Compliance (GRC) Lead

Invitek Molecular GmbH

Madrid

On-site

EUR 70.000 - 90.000

Full-time

13 days ago

Job summary

A leading scientific testing firm in Madrid is seeking a Cybersecurity Governance, Risk & Compliance Lead to oversee cybersecurity strategy, ensure compliance with regulations, and lead internal audits. The ideal candidate has a Bachelor's degree, extensive experience in information security, and strong leadership skills. This role offers opportunities for professional growth in a supportive environment.

Benefits

Diverse career opportunities
Support for skill development
Inclusive work environment

Background

  • Extensive experience in information security and compliance in multinational organizations.
  • Proven leadership of GRC programs and cross-functional initiatives.
  • Strong knowledge of EU cybersecurity regulations and security frameworks.

Responsibilities

  • Develop and communicate the cybersecurity governance framework.
  • Identify and prioritize cybersecurity risks across the organization.
  • Ensure compliance with GDPR, NIS2, and other regulations.

Skills

Information Security
Governance
Risk Management
Compliance
Leadership
Strategic Thinking

Education

Bachelor's degree in Information Technology, Cybersecurity, or related field
Master’s degree preferred

Job description

Overview

Cybersecurity Governance, Risk & Compliance (GRC) Lead – Madrid, Spain. Posted Yesterday. Requisition id: R1700. At ALS, we encourage you to dream big. When you join us, you’ll be part of a global team harnessing the power of scientific testing and data-driven insights to build a healthier future.

Key Responsibilities
  • Governance & Strategy
    • Develop, maintain, and communicate the cybersecurity governance framework, including policies, standards, and guidelines.
    • Define the enterprise cybersecurity strategy in alignment with business objectives and risk appetite.
    • Establish decision-making structures for cybersecurity, including committees or boards for risk and compliance oversight.
    • Provide executive reporting to the senior management on cybersecurity posture, compliance status, and risk exposure.
  • Risk Management
    • Identify, assess, and prioritize cybersecurity risks across the organization.
    • Implement enterprise risk management processes for IT and cybersecurity, including risk assessment, mitigation, and monitoring.
    • Collaborate with business and IT leaders to ensure risk-aware decision-making in projects, operations, and third-party engagements.
    • Maintain alignment with global and local regulations, industry standards (ISO 27001, NIST), and the Essential 8 framework where relevant.
  • Compliance & Regulatory Oversight
    • Ensure compliance with relevant regulations (e.g., GDPR, NIS2, ISO 27001) and relevant industry-specific standards.
    • Lead internal audits, regulatory assessments, and third-party compliance evaluations.
    • Implement remediation plans for audit findings and track progress against compliance initiatives.
  • Security Awareness & Culture
    • Drive cybersecurity awareness programs across the organization.
    • Provide guidance and training to business units to embed security practices in daily operations.
  • Leadership & Team Development
    • Lead and mentor GRC team members, ensuring skill development and alignment with organizational priorities.
    • Serve as a key advisor to senior management on cybersecurity strategy, emerging threats, and regulatory changes.
    • Act as liaison with external partners, auditors, and regulators on cybersecurity GRC matters.
Qualifications & Skills
  • Bachelor’s degree in Information Technology, Cybersecurity, or related field; Master’s preferred.
  • Extensive experience in information security, governance, risk management, and compliance, ideally in multinational organizations.
  • Proven leadership of GRC programs and teams, with experience managing cross-functional initiatives.
  • Strong knowledge of EU cybersecurity and data protection regulations (GDPR, NIS2) and international security frameworks (ISO 27001, NIST).
  • Experience with risk assessment methodologies, control frameworks, and compliance tools.
  • Excellent strategic thinking, stakeholder management, and communication skills.
Key Performance Indicators (KPIs)
  • Percentage of IT and business processes compliant with internal security standards and regulatory requirements.
  • Number of significant cybersecurity risks mitigated or reduced annually.
  • Timeliness and effectiveness of audit findings remediation.
  • Employee cybersecurity awareness and training completion rates.
  • Successful integration of GRC considerations into major IT projects and operational initiatives.
Working at ALS

The ALS team is a diverse and dedicated community united by our passion to make a difference in the world. Our values shape how we work, how we treat each other, and how we recognise excellence. You’ll be supported to develop new skills and reach your full potential. We invest in our people with programs and opportunities that help you build a diverse career with us. We want everyone to have a safe, flexible and rewarding career that makes a positive impact on our people, the planet and our communities.

Everyone Matters

ALS is proud to be an equal opportunity employer and is committed to fostering an inclusive work environment where the strengths and perspectives of each employee are recognised and valued. ALS also welcomes applications from people with all levels of ability. Accommodation is available on request for candidates taking part in all aspects of the selection process.

Eligibility

To be eligible to work at ALS you must be a Citizen or Permanent Resident of the country you are applying for, or either hold or be able to obtain a valid working visa.

How to apply

Please apply online and provide a cover letter and CV that best demonstrate your motivation and ability to meet the requirements of this role. Introduce Yourself: We’re all about people – show us who you are and why you’re passionate about working with us by submitting your resume, and we’ll keep it on file for future opportunities.
