AI Summary
Join BrainRocket as an Information Security Manager in Valencia, Spain. Conduct security audits, risk assessments, and design/implement security controls. Collaborate with engineering, infrastructure, and product teams.
Key Highlights
Conduct internal security audits of systems, business processes, and new integrations
Define security requirements for internal systems, tools, and business processes
Perform risk assessments for internal tools and third-party services
Technical Skills Required
Benefits & Perks
Relocation package
Global coverage health insurance
23 working days of annual vacation
6 paid sick days
Competitive remuneration level with annual review
Job Description
BrainRocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. βYoung, ambitious, and unstoppable, we've already taken Cyprus, Malta, Portugal, Poland, and Serbia by storm. Our BRO team consists of 1,300 bright minds creating innovative ideas and products. We donβt follow formats. We shape them. We build what works, launch it fast, and make sure it hits.
β This is an on-site role. The office is in Valencia, Spain.
β No remote, β no hybrid work.
𧳠The company assists with the relocation process if your location differs from the required.
We are seeking an Information Security Manager to join our team at our Valencia, Spain office.
β Responsibilities
Security Audits & Governance
βοΈ Conduct internal security audits of systems, business processes, and new integrations.
βοΈ Review and challenge technical and organisational controls; identify weaknesses and improvement areas.
βοΈ Participate in security architecture discussions and proactively recommend control mechanisms.
Security Requirements & Control Design
βοΈ Define security requirements for internal systems, tools, and business processes.
βοΈ Work closely with engineering, infrastructure, and product teams to integrate controls into workflows and architectures.
βοΈ Validate that implemented controls meet design and compliance objectives.
Risk & Compliance Oversight
βοΈ Perform risk assessments for internal tools and third-party services (pre- and post-integration).
βοΈ Maintain the Risk Register and work with asset owners on risk mitigation plans aligned with ISO27001/27701 and other frameworks.
βοΈ Support audit readiness and evidence collection for ISO 27001, PCI DSS, and other certifications.
Data Protection & Access Control
βοΈ Analyze data flows and define appropriate protection strategies (e.g., encryption, masking, access management).
βοΈ Ensure logging, alerting, and monitoring controls are in place and passed to the SOC.
βοΈ Conduct periodic access reviews and role validations.
Security Awareness & Process Improvement
βοΈ Contribute to security awareness initiatives and training content.
βοΈ Collaborate with business and IT teams to optimise secure-by-design practices across departments.
β Requirements
βοΈ 3+ years of experience in information security, internal audit, GRC, or similar roles.
βοΈ Hands-on experience conducting internal audits, risk assessments, and designing/implementing security controls.
βοΈ Strong knowledge of ISO 27001/27701, PCI DSS, GDPR, and relevant security frameworks.
βοΈ Experience maintaining a Risk Register and working with asset owners on mitigation planning.
βοΈ Ability to define and validate security requirements for internal systems and processes.
βοΈ Understanding of data protection principles, including encryption, masking, and access control.
βοΈ Solid understanding of modern access management approaches such as RBAC, Just-in-Time (JIT) access, and Zero Trust.
βοΈ Strong analytical and documentation skills; ability to structure findings and communicate clearly across teams.
βοΈ Self-driven and structured approach to auditing, with the ability to work across technical and business functions.
β Nice To Have
βοΈ Experience supporting external certification audits (ISO 27001, PCI DSS, etc.).
βοΈ Relevant certifications such as ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CompTIA Security+.
βοΈ Experience collaborating with a SOC team or working with log and alert management systems
β We offer excellent benefits, including but not limited to:
π§π»βπ» Learning and development opportunities and interesting, challenging tasks.
π Opportunity to develop language skills, with partial compensation for the cost of Spanish classes (for localisation purposes).
βοΈ Relocation package.
π₯ Global coverage health insurance.
π Time for proper rest, with 23 working days of annual vacation and an additional 6 paid sick days.
π Competitive remuneration level with annual review.
π€ Teambuilding activities
Bold moves start here. Make yours. Apply today!
By submitting your application, you agree to our Privacy Policy.