Senior Information Security Manager

Ebury Madrid Office - Hybrid: 4 days in the office, 1 day working from home per week

Ebury is seeking a high-caliber Information Security & GRC Manager to spearhead our global governance, risk, and compliance initiatives. This role is for a seasoned professional who thrives on owning programs rather than just executing tasks. You will act as the primary architect of our security frameworks, ensuring our ISMS is audit-ready and serves as a strategic enabler for Ebury’s global expansion. You will be the bridge between technical security requirements and business risk, providing expert guidance on complex regulatory landscapes.

This is an pportunity to be a strategic part of an experienced infosec team at a high-growth fintech scale-up.

What you’ll do

Governance & Compliance (BAU)

GRC Strategy & Architecture: Design, implement, and mature our global GRC framework, collaborating with other teams to align it with ISO 27001, NIST, GDPR, and DORA.

• Risk Management Lifecycle: Own the risk assessment process - you will lead the quantification and communication of risk to business stakeholders to drive informed decision-making.
• Audit Ownership: Lead and manage external audits as the primary liaison. This includes overseeing the remediation of findings and ensuring we remain continuously compliant across multiple jurisdictions.
• TPRM Leadership: Mature our Third-Party Risk Management program. You will define the standards for vendor security and ensure high-impact partners meet Ebury’s rigorous risk appetite.
• Regulatory Horizon Scanning: Proactively monitor the evolving fintech regulatory landscape (e.g., EU AI Act, NIS2, regional cyber laws) and design the roadmaps to ensure Ebury remains ahead of the curve.

Strategic Projects & Process Maturation

• GRC Automation: Lead the selection and full-scale implementation of automated GRC platforms to establish automation and robustness in GRC operations.
• Strategic Advisory: Act as a high-level consultant for new product launches and international expansions, ensuring "Security by Design" is baked into strategic business move.
• Cultural Leadership: Design and champion advanced security awareness programs that focus on shifting organizational behavior through metrics-driven insights.

What you’ll need

• 5+ years of experience in Information Security, GRC, or Risk Management roles
• Strong knowledge of information security standards and regulations (ISO 27001, SOC 2, GDPR, FCA/DORA, NIST, etc.).
• Analytical skills: Ability to assess a "Security Exception" , experience with regulatory audits and working with financial regulators.
• Hands-on experience implementing risk management processes, control frameworks, and security metrics. Familiarity with GRC or risk platforms (e.g. OneTrust).
• Team player with exceptional communication and stakeholder management skills.
• Industry certifications such as CISSP, CRISC, CISA, or ISO 27001. Lead Implementer/Auditor are preferred.

Why Ebury?

• Competitive Starting Salary with an annual discretionary bonus that truly rewards your performance from day one.
• Dedicated Mentorship: Learn directly from experienced managers who are invested in your success.
• Cutting-Edge Technology: Leverage state-of-the-art tailor made tools and systems that enable you to perform at your best.
• Clear, Accelerated Career Progression: Defined pathways to leadership and specialist roles within Ebury.
• Dynamic & Supportive Culture: Work in a collaborative environment where teamwork and personal growth are prioritized.
• Generous Benefits Package: Access competitive benefits tailored to your location, which typically include health care and social benefits.
• Central Madrid Office: A fantastic location with excellent transport links.

Ready to launch your career with a global FinTech? Click the ‘Apply’ Today and discover your potential at Ebury!

You can also connect with me on LinkedIn  - Fabienne Zigrit

#LI-FZ1

#LI-HYBRID

Senior Information Security Manager

Ebury Madrid Office - Hybrid: 4 days in the office, 1 day working from home per week

Ebury is seeking a high-caliber Information Security & GRC Manager to spearhead our global governance, risk, and compliance initiatives. This role is for a seasoned professional who thrives on owning programs rather than just executing tasks. You will act as the primary architect of our security frameworks, ensuring our ISMS is audit-ready and serves as a strategic enabler for Ebury’s global expansion. You will be the bridge between technical security requirements and business risk, providing expert guidance on complex regulatory landscapes.

This is an pportunity to be a strategic part of an experienced infosec team at a high-growth fintech scale-up.

What you’ll do

Governance & Compliance (BAU)

GRC Strategy & Architecture: Design, implement, and mature our global GRC framework, collaborating with other teams to align it with ISO 27001, NIST, GDPR, and DORA.

• Risk Management Lifecycle: Own the risk assessment process - you will lead the quantification and communication of risk to business stakeholders to drive informed decision-making.
• Audit Ownership: Lead and manage external audits as the primary liaison. This includes overseeing the remediation of findings and ensuring we remain continuously compliant across multiple jurisdictions.
• TPRM Leadership: Mature our Third-Party Risk Management program. You will define the standards for vendor security and ensure high-impact partners meet Ebury’s rigorous risk appetite.
• Regulatory Horizon Scanning: Proactively monitor the evolving fintech regulatory landscape (e.g., EU AI Act, NIS2, regional cyber laws) and design the roadmaps to ensure Ebury remains ahead of the curve.

Strategic Projects & Process Maturation

• GRC Automation: Lead the selection and full-scale implementation of automated GRC platforms to establish automation and robustness in GRC operations.
• Strategic Advisory: Act as a high-level consultant for new product launches and international expansions, ensuring "Security by Design" is baked into strategic business move.
• Cultural Leadership: Design and champion advanced security awareness programs that focus on shifting organizational behavior through metrics-driven insights.

What you’ll need

• 5+ years of experience in Information Security, GRC, or Risk Management roles
• Strong knowledge of information security standards and regulations (ISO 27001, SOC 2, GDPR, FCA/DORA, NIST, etc.).
• Analytical skills: Ability to assess a "Security Exception" , experience with regulatory audits and working with financial regulators.
• Hands-on experience implementing risk management processes, control frameworks, and security metrics. Familiarity with GRC or risk platforms (e.g. OneTrust).
• Team player with exceptional communication and stakeholder management skills.
• Industry certifications such as CISSP, CRISC, CISA, or ISO 27001. Lead Implementer/Auditor are preferred.

Why Ebury?

• Competitive Starting Salary with an annual discretionary bonus that truly rewards your performance from day one.
• Dedicated Mentorship: Learn directly from experienced managers who are invested in your success.
• Cutting-Edge Technology: Leverage state-of-the-art tailor made tools and systems that enable you to perform at your best.
• Clear, Accelerated Career Progression: Defined pathways to leadership and specialist roles within Ebury.
• Dynamic & Supportive Culture: Work in a collaborative environment where teamwork and personal growth are prioritized.
• Generous Benefits Package: Access competitive benefits tailored to your location, which typically include health care and social benefits.
• Central Madrid Office: A fantastic location with excellent transport links.

Ready to launch your career with a global FinTech? Click the ‘Apply’ Today and discover your potential at Ebury!

You can also connect with me on LinkedIn  - Fabienne Zigrit

#LI-FZ1

#LI-HYBRID

About the role:

The Information Security, Risk & Compliance Specialist will play a key role in developing and executing the information security and cybersecurity compliance roadmap, focusing on maintaining key certifications such as ISO 27001, ENS, among others and driving the company’s commitment to achieving the highest security standards. 

The successful candidate will work closely with internal teams to review and maintain information security policies, conduct risk assessments, ensure alignment with governance frameworks and to manage and respond to security questionnaires. Furthermore, it will assist in preparing for external audits and actively work to strengthen the organization's security posture by identifying areas for compliance improvement. The position requires a solid understanding of security frameworks, governance processes, and risk management to ensure the organization's certifications and policies remain up to date.

Join us if you thrive in a fast-paced environment and are excited about pushing the boundaries of what's possible. This is an opportunity to have a real impact in a high-growth global category leader.

What would you do at Fever?

On your first month in Fever:

• You will be fully integrated into the team. You will participate in planning and follow-up meetings with other areas.
• You will have met the departments of Fever.
• You will get familiar with Fever's technological structure and ecosystem (applications, infrastructure, architecture, etc.)
• You will get familiar with Fever’s Information Security and Cyber Security Programme, GRC tools and documentation.

After 3 months in Fever:

• You will participate in the review and development of the documentation framework and standards.
• You will start collaborating with various internal teams in the preparation and response to security questionnaires and/or requirements.
• You will perform due diligence reviews on third-party vendors and service providers to evaluate their cybersecurity posture.
• You will start participating in the risk management process for information security and cybersecurity risks.

On your 6th month in Fever:

• You will develop a solid understanding of the information security and cybersecurity program, including its standards, governance structure and risk management methodology.
• You will manage processes related to security questionnaires and requirements coordinating with both internal and external stakeholders.
• You will manage the cybersecurity review process for third-party vendors.
• You will have full visibility into the compliance roadmap and actively participate in achieving its objectives.

Qualifications:

Must have:

• Bachelor or Master’s Degree in Computer Science, Information Security, Risk Management or another similar relevant degree (or equivalent experience in an GRC Security role).
• 4+ years of relevant experience on Information Security, Governance, Risk and Compliance projects, managing or owning the execution of the projects.
• Strong understanding of security frameworks and standards, such as ISO 27001, NIST, SOC2, or similar.
• Strong understanding of Cloud environments.
• Proven experience in conducting security assessments, risk assessments and security vendors review.
• Analytical skills, autonomy and accountability.
• Fluent in english.
• Excellent communication skills.

It would be a plus if you have:

• Relevant technical and industry certifications are a plus (e.g. CISA, CISM, ISO 27001 Lead Implementer/Auditor, CISSP, CRISC, etc).
• Familiarity with cybersecurity tools and technologies (e.g., vulnerability assessment tools, incident response and alerting platforms, etc).

Benefits & Perks

• Opportunity to have a real impact in a high-growth global category leader
• 40% discount on all Fever events and experiences
• Position based in Madrid, home office friendly.
• Relocation package for international candidates
• Responsibility from day one and professional and personal growth
• Great work environment with a young, international team of talented people to work with!
• Health insurance and other benefits such as Flexible remuneration with a 100% tax exemption through Cobee.
• English Lessons
• Gympass Membership
• Possibility to receive in advance part of your salary by Payflow.
• Attractive compensation package consisting of base salary and the potential to earn a significant bonus for top performance.

Internal Audit Manager - Third Parties Assurance and Business Resilience

Ebury Madrid Office - Hybrid: 4 days in the office, 1 day working from home per week

Role Summary:

We are seeking an experienced and driven Internal Audit Manager to lead and execute third-party and business resilience audits across our growing organisation. This is a critical and high-impact role for someone who thrives on autonomy, has a strong understanding of third-party and resilience risk, and is passionate about delivering value-added assurance in a dynamic environment.

In this role, you will be a key strategic partner to the Head of Internal Audit, helping shape our assurance strategy and annual audit planning. You will also lead the development of a continuous third-party assurance framework to monitor the ongoing performance and risk of external service providers.

Key Responsibilities

• Lead Risk-Based Audits: Plan, execute, and report on internal audits focused on third-party management, outsourcing governance, operational resilience and business continuity.
• Third Party Assurance: Design and implement a continuous monitoring framework to assess third-party risk and compliance, with a focus on regulatory and contractual obligations.
• Stakeholder Engagement: Build strong, trust-based relationships across business functions to ensure a collaborative and forward-looking audit practice.
• Annual Risk Assessment & Planning: Partner with the Chief Internal Auditor and Head of Internal Audit in conducting the annual risk assessment and contribute to the development of the annual internal audit plan.
• Professional Practices: Support audit methodology enhancement, including integration of third-party risk considerations across the audit universe. Promote collaboration and continuous improvement within the Internal Audit function.
• Regulatory Insight: Stay informed on evolving regulations (e.g. FCA PS21/3, DORA), and other industry developments impacting operational resilience and technology risk.
• Innovation & Curiosity: Proactively research emerging technologies, risks, and control solutions, maintaining a learning mindset and bringing new ideas to the audit approach.

What we’re looking for

• Proven experience in internal audit, risk, or assurance roles within financial services is essential.
• Demonstrated experience in third-party / vendor risk management and assurance reviews is essential.
• Experience auditing or working in the First or Second Line of Defense IT, information security and operational risk functions.
• Knowledge of operational resilience regulations, such as FCA operational resilience and DORA.
• Ability to produce clear, concise, and insightful audit reports.
• Able to work independently in a fast changing business environment and manage shifts in priorities.
• Relevant professional certifications such as CIA, ACA, CISA or equivalent
• Exposure to cloud environments (e.g. AWS, GCP), including knowledge of cloud management principles would be a plus.