Senior Information Security Manager

Ebury Madrid Office - Hybrid: 4 days in the office, 1 day working from home per week

Ebury is seeking a high-caliber Information Security & GRC Manager to spearhead our global governance, risk, and compliance initiatives. This role is for a seasoned professional who thrives on owning programs rather than just executing tasks. You will act as the primary architect of our security frameworks, ensuring our ISMS is audit-ready and serves as a strategic enabler for Ebury’s global expansion. You will be the bridge between technical security requirements and business risk, providing expert guidance on complex regulatory landscapes.

This is an pportunity to be a strategic part of an experienced infosec team at a high-growth fintech scale-up.

What you’ll do

Governance & Compliance (BAU)

GRC Strategy & Architecture: Design, implement, and mature our global GRC framework, collaborating with other teams to align it with ISO 27001, NIST, GDPR, and DORA.

• Risk Management Lifecycle: Own the risk assessment process - you will lead the quantification and communication of risk to business stakeholders to drive informed decision-making.
• Audit Ownership: Lead and manage external audits as the primary liaison. This includes overseeing the remediation of findings and ensuring we remain continuously compliant across multiple jurisdictions.
• TPRM Leadership: Mature our Third-Party Risk Management program. You will define the standards for vendor security and ensure high-impact partners meet Ebury’s rigorous risk appetite.
• Regulatory Horizon Scanning: Proactively monitor the evolving fintech regulatory landscape (e.g., EU AI Act, NIS2, regional cyber laws) and design the roadmaps to ensure Ebury remains ahead of the curve.

Strategic Projects & Process Maturation

• GRC Automation: Lead the selection and full-scale implementation of automated GRC platforms to establish automation and robustness in GRC operations.
• Strategic Advisory: Act as a high-level consultant for new product launches and international expansions, ensuring "Security by Design" is baked into strategic business move.
• Cultural Leadership: Design and champion advanced security awareness programs that focus on shifting organizational behavior through metrics-driven insights.

What you’ll need

• 5+ years of experience in Information Security, GRC, or Risk Management roles
• Strong knowledge of information security standards and regulations (ISO 27001, SOC 2, GDPR, FCA/DORA, NIST, etc.).
• Analytical skills: Ability to assess a "Security Exception" , experience with regulatory audits and working with financial regulators.
• Hands-on experience implementing risk management processes, control frameworks, and security metrics. Familiarity with GRC or risk platforms (e.g. OneTrust).
• Team player with exceptional communication and stakeholder management skills.
• Industry certifications such as CISSP, CRISC, CISA, or ISO 27001. Lead Implementer/Auditor are preferred.

Why Ebury?

• Competitive Starting Salary with an annual discretionary bonus that truly rewards your performance from day one.
• Dedicated Mentorship: Learn directly from experienced managers who are invested in your success.
• Cutting-Edge Technology: Leverage state-of-the-art tailor made tools and systems that enable you to perform at your best.
• Clear, Accelerated Career Progression: Defined pathways to leadership and specialist roles within Ebury.
• Dynamic & Supportive Culture: Work in a collaborative environment where teamwork and personal growth are prioritized.
• Generous Benefits Package: Access competitive benefits tailored to your location, which typically include health care and social benefits.
• Central Madrid Office: A fantastic location with excellent transport links.

Ready to launch your career with a global FinTech? Click the ‘Apply’ Today and discover your potential at Ebury!

You can also connect with me on LinkedIn  - Fabienne Zigrit

#LI-FZ1

#LI-HYBRID

Senior Information Security Manager

Ebury Madrid Office - Hybrid: 4 days in the office, 1 day working from home per week

Ebury is seeking a high-caliber Information Security & GRC Manager to spearhead our global governance, risk, and compliance initiatives. This role is for a seasoned professional who thrives on owning programs rather than just executing tasks. You will act as the primary architect of our security frameworks, ensuring our ISMS is audit-ready and serves as a strategic enabler for Ebury’s global expansion. You will be the bridge between technical security requirements and business risk, providing expert guidance on complex regulatory landscapes.

This is an pportunity to be a strategic part of an experienced infosec team at a high-growth fintech scale-up.

What you’ll do

Governance & Compliance (BAU)

GRC Strategy & Architecture: Design, implement, and mature our global GRC framework, collaborating with other teams to align it with ISO 27001, NIST, GDPR, and DORA.

• Risk Management Lifecycle: Own the risk assessment process - you will lead the quantification and communication of risk to business stakeholders to drive informed decision-making.
• Audit Ownership: Lead and manage external audits as the primary liaison. This includes overseeing the remediation of findings and ensuring we remain continuously compliant across multiple jurisdictions.
• TPRM Leadership: Mature our Third-Party Risk Management program. You will define the standards for vendor security and ensure high-impact partners meet Ebury’s rigorous risk appetite.
• Regulatory Horizon Scanning: Proactively monitor the evolving fintech regulatory landscape (e.g., EU AI Act, NIS2, regional cyber laws) and design the roadmaps to ensure Ebury remains ahead of the curve.

Strategic Projects & Process Maturation

• GRC Automation: Lead the selection and full-scale implementation of automated GRC platforms to establish automation and robustness in GRC operations.
• Strategic Advisory: Act as a high-level consultant for new product launches and international expansions, ensuring "Security by Design" is baked into strategic business move.
• Cultural Leadership: Design and champion advanced security awareness programs that focus on shifting organizational behavior through metrics-driven insights.

What you’ll need

• 5+ years of experience in Information Security, GRC, or Risk Management roles
• Strong knowledge of information security standards and regulations (ISO 27001, SOC 2, GDPR, FCA/DORA, NIST, etc.).
• Analytical skills: Ability to assess a "Security Exception" , experience with regulatory audits and working with financial regulators.
• Hands-on experience implementing risk management processes, control frameworks, and security metrics. Familiarity with GRC or risk platforms (e.g. OneTrust).
• Team player with exceptional communication and stakeholder management skills.
• Industry certifications such as CISSP, CRISC, CISA, or ISO 27001. Lead Implementer/Auditor are preferred.

Why Ebury?

• Competitive Starting Salary with an annual discretionary bonus that truly rewards your performance from day one.
• Dedicated Mentorship: Learn directly from experienced managers who are invested in your success.
• Cutting-Edge Technology: Leverage state-of-the-art tailor made tools and systems that enable you to perform at your best.
• Clear, Accelerated Career Progression: Defined pathways to leadership and specialist roles within Ebury.
• Dynamic & Supportive Culture: Work in a collaborative environment where teamwork and personal growth are prioritized.
• Generous Benefits Package: Access competitive benefits tailored to your location, which typically include health care and social benefits.
• Central Madrid Office: A fantastic location with excellent transport links.

Ready to launch your career with a global FinTech? Click the ‘Apply’ Today and discover your potential at Ebury!

You can also connect with me on LinkedIn  - Fabienne Zigrit

#LI-FZ1

#LI-HYBRID

The Challenge

With growth comes commercial complexity. Our EMEA business spans dozens of markets, currencies, and contract frameworks, and our GTM teams move fast. As our Senior Manager of Order Management in Madrid, you'll be the commercial anchor for the region, the person GTM turns to when deals get complicated, when structure matters, and when quality can't be compromised. You'll lead a team of Deal Desk Analysts, operate with autonomy, and set the standard for what great deal execution looks like. This isn't a back-office support role. It's a seat at the commercial table.

Your Mission

As the commercial backbone of EMEA Deal Desk, you will:

• Build, coach, and develop a high-performing team of Deal Desk Analysts, setting clear expectations, creating development paths, and fostering a culture where your team makes decisions with confidence.

• Serve as the primary Deal Desk partner to EMEA GTM leadership, from front-line AEs to Regional VPs and SVP, bringing commercial expertise to strategic deals, QBRs, and forecast conversations.

• Drive deal quality, consistency, and velocity across the region, owning the standard for how deals are structured, reviewed, and approved.

• Lead complex deal structuring, including multi-year terms, ramps, co-terms, restructures, and non-standard commercial arrangements, guiding your team and escalating with judgment.

• Influence governance and approval workflows, establishing clear guardrails while empowering your team to move fast within them.

• Champion AI-native deal workflows, identifying where AI can accelerate deal review, improve consistency, and reduce manual effort, and then actually building those workflows with your team.

• Partner closely with Legal, Finance, and Order Operations on high-complexity or high-risk deals, bridging the gap between commercial intent and contractual execution.

• Bring structure and repeatability to deal processes, documenting business rules, identifying gaps, and continuously raising the bar on how the team operates.

• Operate as a true peer to GTM leadership, not just a support function. You have a point of view on deal strategy.

• Collaborate with the Order Management Director and global OM leadership to align regional practices with global standards and drive cross-regional consistency.

You Are

A commercially sharp, calm-under-pressure leader who knows how to build trust. You coach your team with intention; you don't just fix problems, you build capability. You're decisive when it matters, curious when it doesn't, and you know how to operate across cultures and time zones. You've earned credibility with Sales teams not by saying yes to everything, but by being an expert on deal structure. You hold the line when it matters and find creative paths when it doesn't.

You don't just use AI tools, you build a team around them. You see AI as a genuine competitive advantage for your team, and you bring your analysts along with you. Whether it's automating a review workflow, using AI to accelerate contract redlines, or building a playbook with AI assistance, you lean in. You're not waiting for the company to mandate AI adoption. You're already there.

Your Experience Includes

• 4+ years of experience in Deal Desk or Order Management, with 1+ years in a people leadership role

• Proven track record of building and coaching high-performing Deal Desk teams

• Advanced expertise in complex deal structuring: ramps, co-terms, multi-year, cancel & replace, true-ups, and restructures

• Deep fluency in revenue metrics: ARR, ACV, TCV, and Churn, and the ability to explain them clearly to any audience

• Strong contract literacy, comfortable reading, interpreting, and drafting T&Cs and order forms

• EMEA commercial experience, multi-currency deals, regional pricing nuances, and awareness of local compliance requirements

• Embraces AI as part of everyday work, using enterprise tools confidently to move faster, work smarter, and raise the bar for the team.

• Advanced knowledge of CPQ platforms (e.g., Salesforce CPQ, DealHub, Zuora CPQ, or equivalent)

• Advanced knowledge of Quote-to-Bill systems and end-to-end deal lifecycle processes

• Strong cross-functional stakeholder management, comfortable influencing Legal, Finance, Sales Ops, and GTM leadership without direct authority

• Excellent written and verbal communication skills in English; Spanish is a strong advantage

• Bilingual in English and Spanish, able to support commercial conversations and contract review in both languages

• Bachelor's degree in Finance, Business Administration, Accounting, or equivalent experience

Extra Awesome

• Demonstrated ability to adopt, champion, and scale AI tools in a professional Deal Desk environment

• Experience in privacy, trust, GRC, or compliance SaaS, you understand the space and the customer

• Hands-on experience with AI prompt engineering or building AI-assisted workflows in a commercial context

• Can build reports and dashboards in Salesforce and Excel; Power BI or equivalent analytics experience

• Familiarity with CLM solutions (e.g., Ironclad) and how they integrate into the deal workflow

• Exposure to CPQ evaluation, vendor assessment, or tooling migration, you've helped choose and implement the tools you work in

• Background in a high-growth SaaS company

• Experience maintaining and evolving a Deal Desk playbook, business rules repository, or deal approval matrix

The Challenge

We are looking for a dynamic Information Security GRC Analyst to support IT and InfoSec by performing various governance, risk, and compliance activities as part of the OneTrust InfoSec GRC team.

Your mission

• Customer Security Assurance & Questionnaires
  
  
• • Own a high volume of end-to-end completion of customer security questionnaires (CAQs), RFP security sections, and other assurance artifacts (e.g., SIG, CAIQ, custom questionnaires).

  • Provide accurate, consistent, and defensible responses by leveraging internal evidence repositories (SOC reports, ISO certificates, policies, standards, diagrams, pen test summaries, etc.).

  • Partner with internal stakeholders (Sales, Marketing, Customer Success, Security, Engineering, Privacy, Legal, Compliance, Product) to validate responses and resolve gaps.

• Customer Engagement & Security Discussions

  • Meet with customers and prospects to explain security controls, risk posture, and compliance commitments.

  • Present security topics with confidence and clarity—tailoring depth for technical and non-technical audiences.

  • Support Sales and Customer Success by addressing security objections, clarifying customer audit scope, and enabling procurement cycles.

• Contract & Security Review

  • Perform security reviews of contracts, DPAs, security addenda, and customer security terms.

  • Identify security requirements, non-standard obligations, and risk areas; propose mitigations and collaborate with Legal and Security leadership on negotiation positions.

  • Track contractual security commitments and help ensure they are operationally feasible and aligned with control coverage.

• Operational Excellence

  • Improve team efficiency through standardization, playbooks, and continuous refinement of response libraries.

  • Demonstrated ability to manage, prioritize, and execute a high volume of concurrent requests with accuracy and consistency, while meeting SLAs and maintaining quality standards in a fast-paced environment.

  • Contribute to internal readiness by keeping evidence current, identifying control documentation gaps, and recommending process improvements.

You Are

• • 2-5 years of relevant experience in information security, security compliance, GRC, security assurance, third-party risk, or customer trust functions.

  • Demonstrated experience responding to customer security questionnaires and security due diligence requests.

  • Familiarity with common frameworks and attestations: SOC 2, ISO 27001, NIST, CIS, PCI DSS, HIPAA, GDPR, etc.

  • Strong understanding of security fundamentals (e.g., access control, encryption, vulnerability management, secure SDLC, incident response, logging/monitoring, vendor risk).

  • Experience collaborating cross-functionally (Security, Legal, Privacy, Engineering, Sales).

  • Excellent written and verbal communication skills—able to translate technical controls into clear, customer-ready responses.

  • Strong organizational skills and ability to manage multiple requests with competing deadlines.

• Preferred / Nice-to-Have

  • Industry certifications such as CISA and/or CISM (or equivalent).

  • Experience reviewing/negotiating security contract terms, security addendums, and customer assurance language.

  • Background in SaaS/cloud security assurance or supporting enterprise customers.

• Core Competencies

  • Customer-oriented mindset with the ability to maintain security rigor while enabling business outcomes.

  • Risk-based thinking—knows when to escalate, when to propose mitigations, and how to document decisions.

  • Attention to detail and commitment to consistency, defensibility, and evidence-based responses.

  • Comfort with ambiguity and strong ability to drive outcomes in a fast-paced environment.

  • High-Throughput Execution – Ability to efficiently manage and deliver a high volume of security assurance requests while maintaining quality, accuracy, and timeliness.

• What Success Looks Like (First 90 Days)

  • Independently handles a steady volume of questionnaires with high accuracy and improved cycle times.

  • Builds trusted partnerships with Legal/Privacy/Security to streamline approvals and escalations.

  • Leads customer security calls effectively and contributes to deal progression.

  • Establishes reusable response patterns and mentors junior staff to raise overall team quality.

Meet the Team

Legal & Policy

As the legal team, we  support all areas of Fever by offering clear advice, risk management, and legal insight that allow teams to move quickly and stay focused on what matters. We ensure alignment with local laws and regulations to support safe and compliant growth wherever Fever operates.

Our team is structured in:l Intellectual Property, Mergers & Acquisitions (M&A), Joint Ventures, Privacy, and Paralegal support. Together, we cover the full legal landscape to meet the needs of a growing global business like Fever.

Our objective is to protect the Fever brand and confidential information. We do this by guiding regulatory compliance and business expansion, handling legal complaints and disputes, reviewing and creating legal documents, managing incident reports and insurance claims, and developing and advising on corporate policies.

Join us if you are ready to tackle global challenges and provide strategic legal leadership to protect the long-term success of a rapidly growing tech leader.

The Role

We have an exciting new opportunity for a candidate with a strong background in Legal Operations to join the Fever Legal GRC & Policy Team, here in Madrid. We’re looking for applicants who have experience working in inhouse legal teams, and who are interested in shaping the future of Legal Operations at Fever.  

As a Legal Operations Manager, you will be a strategic leader responsible for driving operational efficiency, implementing scalable processes, and aligning the legal department’s operations with broader business objectives. This role oversees the range of functions performed by the Legal Operations team, and involves the day-to-day management of team members. 

What You’ll Do

• Lead the Legal Operations function, driving initiatives to improve operational and cost efficiency.
• Oversee the legal tech, knowledge management, case support and documentation and administrative functions within the team.
• Lead initiatives related to contract lifecycle management, matter management, and compliance tracking.
• Create and monitor department budgets, track spending, and identify cost-saving opportunities.
• Manage a team of paralegals and legal operations staff, including assigning tasks, mentoring, and conducting performance reviews.
• Serve as a key liaison between the legal department and other business functions, ensuring alignment with company goals.
• Coordinate training and professional development for the Legal Operations team.

Who You Are

• Have 3+  years of experience in legal operations or a similar role.
• Demonstrate expertise in legal technology tools, process improvement, and operational management.
• Have strong leadership and mentoring skills, and excellent analytical and problem-solving abilities.
• Have excellent communication and interpersonal skills, including cultural awareness, and empathy (work with international teams and projects, is a plus).
• Be professionally fluent in English. Another language is a plus (in particular German, French, Portuguese, Italian, Japanese, Arabic, or Korean).
• Have interests and skills beyond the "usual". We look for diversity in applications, for e.g. an interest in or experience with coding, development and API integrations.

You can expect to join a team of diverse, hardworking and kind professionals, where a cultural fit is someone looking to have an impact and work nimbly. We will strive to provide you the tools and information needed to be successful at your role and grow professionally. 

We welcome applications with unusual backgrounds with the expectation that the applicant will have acquired hard or soft skills and maturity throughout their experiences.

Why You’ll Love It Here

• Attractive compensation package
• Opportunity to have a real impact in a high-growth global category leader
• 40% discount on all Fever events and experiences
• Work in a location in the heart of Madrid
• Home office friendly
• Responsibility from day one and professional and personal growth
• Great work environment with a young, international team of talented people to work with!
• Health insurance
• Flexible remuneration with a 100% tax exemption through Cobee
• English & Spanish Lessons
• WellHub membership
• We have free snacks, drinks, and fruit at the office!
• Possibility to receive in advance part of your salary by Payflow

#LI-hybrid #LI-fulltime

Meet the Team

Legal & Policy

As the legal team, we  support all areas of Fever by offering clear advice, risk management, and legal insight that allow teams to move quickly and stay focused on what matters. We ensure alignment with local laws and regulations to support safe and compliant growth wherever Fever operates.

Our team is structured in:l Intellectual Property, Mergers & Acquisitions (M&A), Joint Ventures, Privacy, and Paralegal support. Together, we cover the full legal landscape to meet the needs of a growing global business like Fever.

Our objective is to protect the Fever brand and confidential information. We do this by guiding regulatory compliance and business expansion, handling legal complaints and disputes, reviewing and creating legal documents, managing incident reports and insurance claims, and developing and advising on corporate policies.

Join us if you are ready to tackle global challenges and provide strategic legal leadership to protect the long-term success of a rapidly growing tech leader.

The Role

We have an exciting new opportunity for a candidate with a strong background in Legal Operations to join the Fever Legal GRC & Policy Team, here in Madrid. We’re looking for applicants who have experience working in inhouse legal teams, and who are interested in shaping the future of Legal Operations at Fever.  

As a Legal Operations Manager, you will be a strategic leader responsible for driving operational efficiency, implementing scalable processes, and aligning the legal department’s operations with broader business objectives. This role oversees the range of functions performed by the Legal Operations team, and involves the day-to-day management of team members. 

What You’ll Do

• Lead the Legal Operations function, driving initiatives to improve operational and cost efficiency.
• Oversee the legal tech, knowledge management, case support and documentation and administrative functions within the team.
• Lead initiatives related to contract lifecycle management, matter management, and compliance tracking.
• Create and monitor department budgets, track spending, and identify cost-saving opportunities.
• Manage a team of paralegals and legal operations staff, including assigning tasks, mentoring, and conducting performance reviews.
• Serve as a key liaison between the legal department and other business functions, ensuring alignment with company goals.
• Coordinate training and professional development for the Legal Operations team.

Who You Are

• Have 3+  years of experience in legal operations or a similar role.
• Demonstrate expertise in legal technology tools, process improvement, and operational management.
• Have strong leadership and mentoring skills, and excellent analytical and problem-solving abilities.
• Have excellent communication and interpersonal skills, including cultural awareness, and empathy (work with international teams and projects, is a plus).
• Be professionally fluent in English. Another language is a plus (in particular German, French, Portuguese, Italian, Japanese, Arabic, or Korean).
• Have interests and skills beyond the "usual". We look for diversity in applications, for e.g. an interest in or experience with coding, development and API integrations.

You can expect to join a team of diverse, hardworking and kind professionals, where a cultural fit is someone looking to have an impact and work nimbly. We will strive to provide you the tools and information needed to be successful at your role and grow professionally. 

We welcome applications with unusual backgrounds with the expectation that the applicant will have acquired hard or soft skills and maturity throughout their experiences.

Why You’ll Love It Here

• Attractive compensation package
• Opportunity to have a real impact in a high-growth global category leader
• 40% discount on all Fever events and experiences
• Work in a location in the heart of Madrid
• Home office friendly
• Responsibility from day one and professional and personal growth
• Great work environment with a young, international team of talented people to work with!
• Health insurance
• Flexible remuneration with a 100% tax exemption through Cobee
• English & Spanish Lessons
• WellHub membership
• We have free snacks, drinks, and fruit at the office!
• Possibility to receive in advance part of your salary by Payflow

#LI-hybrid #LI-fulltime

About the role:

The Information Security, Risk & Compliance Specialist will play a key role in developing and executing the information security and cybersecurity compliance roadmap, focusing on maintaining key certifications such as ISO 27001, ENS, among others and driving the company’s commitment to achieving the highest security standards. 

The successful candidate will work closely with internal teams to review and maintain information security policies, conduct risk assessments, ensure alignment with governance frameworks and to manage and respond to security questionnaires. Furthermore, it will assist in preparing for external audits and actively work to strengthen the organization's security posture by identifying areas for compliance improvement. The position requires a solid understanding of security frameworks, governance processes, and risk management to ensure the organization's certifications and policies remain up to date.

Join us if you thrive in a fast-paced environment and are excited about pushing the boundaries of what's possible. This is an opportunity to have a real impact in a high-growth global category leader.

What would you do at Fever?

On your first month in Fever:

• You will be fully integrated into the team. You will participate in planning and follow-up meetings with other areas.
• You will have met the departments of Fever.
• You will get familiar with Fever's technological structure and ecosystem (applications, infrastructure, architecture, etc.)
• You will get familiar with Fever’s Information Security and Cyber Security Programme, GRC tools and documentation.

After 3 months in Fever:

• You will participate in the review and development of the documentation framework and standards.
• You will start collaborating with various internal teams in the preparation and response to security questionnaires and/or requirements.
• You will perform due diligence reviews on third-party vendors and service providers to evaluate their cybersecurity posture.
• You will start participating in the risk management process for information security and cybersecurity risks.

On your 6th month in Fever:

• You will develop a solid understanding of the information security and cybersecurity program, including its standards, governance structure and risk management methodology.
• You will manage processes related to security questionnaires and requirements coordinating with both internal and external stakeholders.
• You will manage the cybersecurity review process for third-party vendors.
• You will have full visibility into the compliance roadmap and actively participate in achieving its objectives.

Qualifications:

Must have:

• Bachelor or Master’s Degree in Computer Science, Information Security, Risk Management or another similar relevant degree (or equivalent experience in an GRC Security role).
• 4+ years of relevant experience on Information Security, Governance, Risk and Compliance projects, managing or owning the execution of the projects.
• Strong understanding of security frameworks and standards, such as ISO 27001, NIST, SOC2, or similar.
• Strong understanding of Cloud environments.
• Proven experience in conducting security assessments, risk assessments and security vendors review.
• Analytical skills, autonomy and accountability.
• Fluent in english.
• Excellent communication skills.

It would be a plus if you have:

• Relevant technical and industry certifications are a plus (e.g. CISA, CISM, ISO 27001 Lead Implementer/Auditor, CISSP, CRISC, etc).
• Familiarity with cybersecurity tools and technologies (e.g., vulnerability assessment tools, incident response and alerting platforms, etc).

Benefits & Perks

• Opportunity to have a real impact in a high-growth global category leader
• 40% discount on all Fever events and experiences
• Position based in Madrid, home office friendly.
• Relocation package for international candidates
• Responsibility from day one and professional and personal growth
• Great work environment with a young, international team of talented people to work with!
• Health insurance and other benefits such as Flexible remuneration with a 100% tax exemption through Cobee.
• English Lessons
• Gympass Membership
• Possibility to receive in advance part of your salary by Payflow.
• Attractive compensation package consisting of base salary and the potential to earn a significant bonus for top performance.