GRC / Security Lead

At Maisa, we're solving enterprise AI's biggest challenge: trust. We've created the first platform that enables enterprises to build reliable Digital Workers for automating knowledge work without production failures or traditional automation limitations.
We're pioneering Agentic Process Automation for regulated industries. From banking to healthcare, our Digital Workers deliver verified, traceable results that meet the strictest compliance requirements.
Join us in transforming how enterprises work by making AI accountable for mission critical processes, turning Digital Workers into trusted team members, and empowering the people who know the work to finally automate it.

We're looking for a GRC / Security Lead to build and maintain trustworthy, compliant, and secure systems that our customers, partners, and auditors can rely on. This role sits at the critical intersection of technology, legal, and operations—ensuring we can not only build secure products but also prove our security posture to the world.

You'll be responsible for establishing our security foundation from the ground up, implementing compliance frameworks that scale with our growth, and serving as the trusted face of security for our customers and partners. This role reports directly to the COO and will work closely with the leadership team across all areas.

• Develop comprehensive security policies covering data classification, access management, vendor management, and incident response
• Create governance frameworks that align the entire organization around security best practices
• Define clear roles and responsibilities for information security processes across all teams
• Ensure organizational alignment through employee onboarding, security awareness training, and comprehensive documentation

• Conduct comprehensive risk assessments across infrastructure, vendor relationships, and internal processes
• Own and maintain the enterprise risk register with detailed mitigation plans and timelines
• Execute regular third-party vendor assessments for data security posture (including cloud providers like AWS, AI services like OpenAI APIs, and SaaS tools)
• Implement risk monitoring processes with regular reporting to executive leadership

• Lead compliance certification initiatives (SOC 2, ISO 27001, GDPR) and industry-specific requirements
• Maintain auditable evidence through logging, access reviews, vulnerability scanning, and control testing
• Coordinate with external auditors and manage relationships with compliance automation tools (Vanta, Drata, TrustCloud)
• Monitor and update data privacy and security controls across all organizational functions
• Ensure continuous compliance through regular control assessments and gap analysis

• Respond to security questionnaires and manage automated response systems to streamline the process
• Serve as primary security contact for RFPs, due diligence processes, and vendor security reviews
• Host security review calls with customers' legal, IT, and procurement departments
• Maintain and update Trust Center content and security documentation for customer transparency
• Support sales enablement through security collateral and competitive positioning

• 3-5 years in security-focused operations, technical program management, or DevOps/Infrastructure
• Deep familiarity with compliance frameworks (SOC 2, ISO 27001, GDPR, HIPAA)
• Experience with cloud security architectures and modern technology stacks
• Proven track record managing multiple concurrent security initiatives

• Strong ability to interpret legal/regulatory requirements and translate them into technical controls
• Exceptional documentation and project management capabilities
• Excellent communication skills for technical teams, executives, and external stakeholders
• Analytical mindset for risk assessment and control effectiveness evaluation

• Industry certifications (CISSP, CISA, CISM, or equivalent)
• Previous startup or high-growth company experience
• Experience with AI/ML security considerations and data protection
• Background in customer-facing security roles or professional services

First 90 Days:

• Assess current security posture and identify immediate priorities
• Establish foundational security policies and procedures
• Implement compliance automation tools and begin evidence collection

Year 1:

• Achieve SOC 2 Type I certification
• Build streamlined security questionnaire response process
• Establish mature risk management program with executive reporting
• Enable rapid customer security reviews and onboarding

Year 2:

• Achieve SOC 2 Type II certification and additional compliance certifications
• Scale security processes to support significant business growth
• Develop advanced customer security enablement capabilities
• Build security into a competitive advantage

• Direct Impact: Build our security program from the ground up and see immediate results
• Customer-Facing: Work directly with customers and partners as the trusted face of security
• Strategic Influence: Report to the COO and influence company-wide security decisions
• Growth Opportunity: Scale with the company and build a security team as we grow
• Cutting-Edge: Work with modern compliance automation tools and emerging security technologies

• Competitive salary and meaningful equity participation
• Professional development budget for certifications and training
• Clear growth path with opportunity to build and lead a security team
• Collaborative environment where your expertise directly shapes our success

Department

Operations

Locations

Barcelona Remote, Madrid Remote, Spain Remote

Remote status

Fully Remote

Let’s recruit together and find your next colleague.