Information Security Manager

We are looking for an InfoSec Manager to develop and enforce security strategy, policies, and operations across the company. This role combines governance and hands‑on technical responsibility: from security risk management and IAM to endpoint protection, security operations, and IT infrastructure. Information Security Manager will work closely with leadership and IT teams to ensure resilience against evolving threats and compliance with data protection requirements.

• Ability to collaborate with leadership and technical teams, balancing governance and practical controls;
• Proven experience in developing and maintaining corporate information/cybersecurity strategy aligned with business objectives;
• Strong knowledge of security governance, including definition and enforcement of security policies, standards, and guidelines (information security, PII/data privacy, IAM);
• Practical experience building and maintaining a cybersecurity roadmap and adapting to evolving threats;
• Design and implementation of IT asset management and hands‑on experience conducting risk assessments across infrastructure, applications, and business processes;
• Technical expertise with Identity & Access Management (IAM): SSO, MFA, and RBAC implementations for SaaS and on‑prem applications;
• Experience managing user lifecycle (provisioning, deprovisioning, and access reviews);
• Knowledge of security operations practices: incident detection, response, and recovery;
• Experience securing corporate IT tools such as Google Workspace, Slack, and similar SaaS platforms;
• Familiarity with backup solutions, disaster recovery planning, and business continuity management;
• Practical experience in running Awareness Campaigns, evaluate its effectiveness and continuously improve them;
• Relevant certifications (CISSP, CISM, ISO 27001, or equivalent) are a strong plus;

• Develop and maintain corporate information/cybersecurity strategy aligned with business goals;
• Define and enforce security policies, standards, and guidelines for information security, PII protection, and IAM;
• Build and update a cybersecurity plan based on evolving risks and threats;
• Conduct periodical risk assessments of infrastructure, applications, and processes based on the comprehensive asset management;
• Integrate data confidentiality and privacy (PII) protection into daily operations ("privacy by design");
• Manage Accesses with SSO, MFA, and RBAC implementations on corporate systems;
• Oversee provisioning/deprovisioning and regular access reviews;
• Manage workstation and laptop security, including BYOD policies;
• Establish incident detection, response, and recovery processes;
• Ensure secure configuration of corporate tools (Google Workspace, Slack, etc.);
• Maintain backup, disaster recovery, and business continuity readiness;
• Execute Information Security Awareness campaigns;

• Flexible payment options: choose the method that works best for you.
• Tax assistance included: we handle part of your taxes and provide guidance on the local setup.
• Financial perks: bonuses for holidays, birthdays, work milestones and more - just to show we care.
• Learn & grow: we cover courses and certifications — and offer real opportunities to grow your career with us.
• Benefit cafeteria: choose what suits you — sports, language courses, therapy sessions, and more.
• Stay connected: from team‑building events to industry conferences — we bring people together online, offline, and on stage.
• Modern equipment: we provide new laptops along with essential peripherals like monitors and headphones for a comfortable workflow.
• Your schedule, your rules: start your day at 9, 10, or even 11 — we care about results, not clock‑ins.

Mid‑Senior level

Full‑time

Information Technology

IT Services and IT Consulting

Location: Madrid, Community of Madrid, Spain