We are looking for a GRC Lead to own and scale our Governance, Risk, and Compliance function within a fast-growing product company. This is a key role responsible for ensuring compliance with SOX, ISO 27001, and GDPR, while enabling the business to move fast in a secure and controlled way.
You will act as the main driver of our compliance strategy, working cross-functionally with Engineering, Security, Legal, Finance, and Product teams.
What you will do
- Own and lead the company’s GRC strategy across SOX, ISO 27001, and GDPR
- Design, implement, and maintain SOX control frameworks, including documentation, testing, and audit readiness
- Build and manage the Information Security Management System (ISMS) aligned with ISO 27001
- Ensure GDPR compliance across all data processing activities, including data mapping, DPIAs, and privacy controls
- Lead internal and external audits, acting as the primary point of contact for auditors
- Identify compliance gaps and drive remediation plans with technical and non-technical teams
- Develop governance policies, procedures, and risk management frameworks
- Partner closely with Engineering and Security teams to embed controls into systems and SDLC processes
- Monitor regulatory and compliance changes and translate them into actionable requirements
Requirements
- 8+ years of experience in GRC, Risk, Compliance, or IT Audit roles
- Strong hands-on experience with SOX compliance programs (design, testing, audit coordination)
- Solid knowledge of ISO 27001 and experience managing or supporting ISMS implementation
- Practical experience with GDPR in a product or corporate environment
- Experience working with internal and external auditors
- Strong stakeholder management and communication skills across technical and non-technical teams
- Ability to translate regulatory requirements into scalable business processes
- Fluent English
Nice to have
- Experience in SaaS or product-led companies
- Experience in Big 4 (Deloitte, EY, PwC, KPMG) or similar audit environments
- Familiarity with cloud environments (AWS, GCP, Azure)
- Security certifications (CISA, CISM, ISO 27001 Lead Implementer/Auditor)
Skills Required
- 8+ years of experience in GRC, Risk, Compliance, or IT Audit roles
- Strong hands-on experience with SOX compliance programs
- Solid knowledge of ISO 27001 and experience managing or supporting ISMS implementation
- Practical experience with GDPR in a product or corporate environment
- Experience working with internal and external auditors
- Fluent English
What We Do
Jobandtalent is the world-leading temporary job platform that helps people thrive with their work. We harness the power of technology in order to provide the stability and perks associated with long-term employment. Jobandtalent was founded in 2009 in Madrid with the goal of fundamentally tearing down the barriers of job searching and hiring, and is one of the most successful and fastest growing companies in the industry today. Having placed simplicity and fairness at the core of our platform, we have matched 2,000 clients with over 200,000 people in 2021. With a valuation of $2.4 billion, Jobandtalent is currently the highest valued unicorn in Spain and is backed by leading investors such as SoftBank, Kinnevik, Atomico, Goldman Sachs, Citi and BlackRock. Headquartered in Madrid, but home to the world, the remote-first company is operating in 9+ markets across Europe and the Americas and has ambitious plans for further expansion.
