Digital resilience is no longer optional. New technologies, fast‑moving regulation and evolving cyber risks are reshaping how organisations protect their customers and operate with confidence.
At Nationale‑Nederlanden Spain, Information Risk Management plays a central role in this challenge. Within this context, the Second Line of Defense continues to strengthen how technology and information risks are understood, challenged and managed across the organisation.
This position sits at the intersection of technology, security, regulation and business. Its purpose is to bring clarity to complex risk topics and enable secure, responsible decision‑making in areas such as cloud, AI, data protection and emerging technologies.
The role offers real influence, working closely with technology, security and business teams, as well as visibility at senior‑management level.
-
Recognised as Top Employer Spain
-
Hybrid work model and flexible schedule
-
A stable organisation with a strong digital and innovation roadmap
-
Continuous learning and support for security and risk certifications
-
Exposure to strategic initiatives: AI governance, DORA, GDPR, cloud and new technologies
-
Competitive benefits: life insurance, pension plan, flexible compensation, telework and meal allowance
-
Wellness programme, volunteering initiatives and free parking with EV charging
-
Digital culture supported by agile ways of working
-
Shaping how IT security frameworks and standards (ISO 27001/27002, COBIT, ISF) are applied and challenged across the organisation
-
Translating regulations such as GDPR, DORA, EIOPA and the AI Act into practical, actionable guidance
-
Evaluating whether IT controls, processes and architectures effectively manage real risks
-
Interpreting insights from penetration tests, vulnerability scans and threat‑modelling
-
Providing independent risk input to major technology projects and change initiatives
-
Reviewing incidents, remediation plans and audit findings to strengthen resilience
-
Assessing vendor and third‑party risks together with asset owners
-
Acting as a trusted advisor for management and business teams on information‑risk topics
-
Supporting AI‑related initiatives from a risk and governance perspective
-
4+ years of experience in IT Risk, Information Security, IT Audit or similar areas
-
Strong understanding of security frameworks and regulatory environments
-
Ability to translate technical cybersecurity risks into clear, business‑focused guidance
-
Confidence working with both technical and non‑technical stakeholders
-
Analytical mindset, curiosity and a proactive approach
-
English proficiency for collaboration in an international context
If you are interested in a role where your expertise directly influences how a leading organisation manages technology and information risk, feel free to reach out or start a conversation.