Interim GRC Lead - 4 months, hybrid
Company
Michael Page
Province
Barcelona
City
Barcelona
Contract type
Temporary
Description
Interim GRC Lead - 4 months
Reporting to the Head of this team, your main responsibilities will be:
- Coordinate marketplace risk-led self-assessment activities against the updated Minimum Control Baseline
- Facilitate or support workshops with internal stakeholders to understand control implementation, evidence, gaps and remediation needs
- Review and challenge self-assessment responses to ensure outputs are complete, consistent and actionable
- Manage analyst-level work, including trackers, workshop packs, action logs, evidence follow-up and reporting inputs
- Consolidate company outputs into clear views of risk exposure, control gaps, ownership gaps and remediation priorities
- Support remediation action planning, including owners, timelines, blockers and status reporting
- Support BAU PRA activities, including risk exception review, (Big 4 firm) / internal audit coordination, reporting and action tracking
- Work closely with InfoSec, group teams, control owners and senior stakeholders to maintain momentum and drive delivery.
- Experience leading teams within GRC
- Able to start ASAP
- You have strong experience in information security GRC, IT controls, risk assessment, internal audit, compliance or technology assurance.
- You can translate control requirements into practical questions, actions and evidence expectations for technology and marketplace stakeholders.
- You are confident facilitating workshops, managing stakeholders and driving follow-up in a structured way.
- You have experience reviewing control evidence, identifying gaps and supporting remediation planning.
- You are comfortable managing analyst-level resources and ensuring outputs are clear, consistent and senior-stakeholder ready.
- You bring a pragmatic, delivery-focused mindset and can operate in a complex, decentralised environment.
Nice to have
- Experience with NIS2, GDPR, ISO 27001, NIST CSF, SOC 2 or similar frameworks.
- Experience with AuditBoard, Jira or similar GRC / workflow tools.
- Knowledge of product security, third-party risk, vulnerability management, IAM, incident response, cloud security or security awareness.
- Experience in technology, marketplace, SaaS, e-commerce or federated operating environments.
- Barcelona-based or Spanish-speaking preferred.
- Coordinate marketplace risk-led self-assessment activities against the updated Minimum Control Baseline.
- Facilitate or support workshops with marketplace stakeholders to understand control implementation, evidence, gaps and remediation needs.
- Review and challenge self-assessment responses to ensure outputs are complete, consistent and actionable.
- Manage analyst-level work, including trackers, workshop packs, action logs, evidence follow-up and reporting inputs.
- Consolidate marketplace outputs into clear views of risk exposure, control gaps, ownership gaps and remediation priorities.
- Support remediation action planning, including owners, timelines, blockers and status reporting.
- Support BAU PRA activities, including risk exception review, (BIG 4 firm) / internal audit coordination, reporting and action tracking.
- Work closely with InfoSec, marketplace teams, control owners and senior stakeholders to maintain momentum and drive delivery.
Attractive salary package
Able to start ASAP
Flexible hybrid work model
NIS2, GDPR, ISO 27001, NIST CSF, SOC 2, AuditBoard,