IT Compliance

VML THE COCKTAIL is a global design consultancy, part of VML. Genuinely engaging with bold organisations to grow another type of business: more human, more transcendent. We combine creativity, design, technology, and data to create products, brands, services, and companies that relate to people, delivering impactful stories for the future.

About the role:

• To be a member of an IT/Data team which provides IT service delivery to a multinational company in Madrid where their users carry out their activity under hybrid work formulas, with a % of them carried out remotely for a Client.
• IT operation is deployed in a highly globalized rather than centralized environment with outsourced operations through several third parties.
• There is a Business Center which includes a Call Center and is part of a client-facing ecosystem where the agents are mainly working remotely.

Responsibilities:

• Create and manage effective remediation plans in response to audit discoveries and compliance violations and monitor the collection of necessary evidence.
• Provide strategic risk guidance for IT projects and product management, including the evaluation and recommendation of technical controls, through delivering security assessments.
• Assist the Client in the development and implementation of new projects from a Privacy by Design approach to ensure solutions that comply with both their internal policies and data protection procedures.
• Regularly audit company procedures, practices, and documents to identify possible weaknesses or risks.
• Establish new procedures, protocols, and internal policies.
• Prepare and manage Compliance Training for raising awareness on Information Security and Data Protection for employees.
• Assist in identifying, investigating, reporting, and correction of compliance issues, irregularities, and violations.
• Be in the front line of action in the event of any possible security incidents or breaches together with the Compliance Manager, assisting in ensuring legal and compliance obligations are followed and that we are in good standing with regulatory agencies when applicable.
• Provide data protection legal advice to employees in relation to the sending of commercial communications on a day-to-day basis.
• Knowledge of Third Party Risk Management, including the assessment, monitoring, and mitigation of risks associated with vendors, partners, and other external parties, and collaborate with DPO and Legal Department to ensure compliance in third-party relationships.

Requirements:

• Based in Madrid.
• 2+ years of experience in a combination of risk management, privacy, information security, and IT jobs.
• Strong work ethic, with a passion for legal advice and new technologies.
• Fluent level of English that allows you to work in the language.
• Experience within validation, risk management, and change control.
• Knowledge and understanding of relevant legal and regulatory requirements and standards, i.e., General Data Protection Regulation (GDPR), ISO27001, NIST2.
• Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment, and meet overall objectives.
• Experience in database security (SQL, Oracle, Azure, etc.) is desirable.