IT Risk Manager Analyst – Compliance & Controls (#4904)

Spain
Work type:
Office/Remote
Technical Level:
Middle
Job Category:
Management

N-iX is a global software development company founded in 2002, connecting over 2,400+ tech professionals across 40+ countries. We deliver innovative technology solutions in cloud computing, data analytics, AI, embedded software, IoT, and more to global industry leaders and Fortune 500 companies. Join us to create technology that drives real change for businesses and people across the world.

Our customer is a worldwide leader in vehicle repair and insurance claims management, employing over 3,000+ professionals across 40 countries. The company provides comprehensive, cutting-edge solutions that simplify repair and claims processes, delivering efficient and equitable outcomes for all stakeholders.

About the Role 

The IT Governance IRM Analyst is responsible for operationalizing the Information Security Risk Management (IRM) framework across the group. This role focuses on the practical implementation of ISO 27001 controls, ensuring that all IT assets are correctly scoped, classified, and protected according to their risk profile. The role acts as a guardian of compliance, bridging the gap between high-level corporate rules and the technical implementation of security controls, ensuring the organization remains 

Responsibilities:

Information Risk Assessment (IRM)

  • Conduct systematic Risk Assessments to identify, analyze, and evaluate threats to digital assets.
  • Ensure all risk management activities align with the client's IRM Framework.
  • Document risk treatment plans and follow up on the implementation of mitigating actions.

ISO 27001 Controls monitoring

  • Support the rollout and maintenance of Information Security controls based on ISO 27001 and Corporate Rules.
  • Collaborate with IT teams to ensure controls (technical and organizational) are implemented effectively.
  • Monitor the effectiveness of the control environment and suggest remediations for identified gaps.
  • Collect evidence (design / effectiveness) when needed.

Scoping & Asset Classification

  • Support the identification and scoping of Information Assets within the group's entities.
  • Ensure that all assets are accurately classified based on Confidentiality, Integrity, and Availability (CIA) standards.
  • Maintain the link between the Asset Inventory (Information Domain Model) and its security requirements.

Audit readiness

  • Act as a key point of contact for the IT Risk Function during internal and external audits.
  • Ensure evidence of control execution is collected and stored in an auditable manner.
  • Track compliance with Corporate Rules across different Portfolio Companies.
  • Report on the status of control implementation and risk mitigation plans.

Interfaces

  • Application Owners
  • Group CIO
  • Group Head of IT Governance
  • Group Head of IRM
  • Global Head of Architecture
  • Group CISO / Information Security
  • IT governance team
  • IT leadership across entities
  • Risk Management / Internal Audit
  • Internal / External auditors and assessors

Requirements:

  • Experience performing IT Risk Assessments in complex environments.
  • 3–5 years of experience in Information Security, IT Audit, or IT Compliance.
  • Hands-on experience with ISO 27001 (implementation, management, or auditing).
  • Familiarity with international security standards, regulatory requirements (e.g., NIS2, GDPR) and industry best practices for IT Risk Management.
  • Strong understanding of Risk Management methodologies (e.g., ISO 31000, ISO 27005).
  • Knowledge of the ISO 27001:2022 control set (Annex A).
  • Ability to interpret "Corporate Rules" and translate them into actionable risk management tasks.
  • Experience with GRC (Governance, Risk, and Compliance) software tools is a plus (Archer, others).
  • Advanced Spanish and English language level.

Personal Skills

  • Strong analytical and structuring skills
  • Ability to work with senior stakeholders
  • High level of autonomy and ownership
  • Pragmatic and solution-oriented mindset
  • Degree in IT, Information Security, or related field
  • ISO 27001 Lead Implementer or Lead Auditor training is a plus
We offer*:

  • Flexible working format - remote, office-based or flexible
  • A competitive salary and good compensation package
  • Personalized career growth
  • Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
  • Active tech communities with regular knowledge sharing
  • Education reimbursement
  • Memorable anniversary presents
  • Corporate events and team buildings
  • Other location-specific benefits

*not applicable for freelancers