IT Risk & Compliance Specialist
Hybrid · Marbella, Andalusia, Spain
Job Summary
Compliance Specialist within RavenPack's IT Risk & Compliance team, responsible for ISMS governance and regulatory posture. You will monitor ISMS compliance with ISO 27001:2022 and SOC 2 Type II, prepare management and committee materials, oversee internal and external audits, lead gap assessments, and support continuity of the ISO 27001 certification. You will manage the risk and vendor risk processes, assess EU AI Act applicability for vendor AI services, maintain ISMS policy documentation, and produce due diligence questionnaire (DDQ) analyses. The role reports to the Director of IT Operations/CISO in Marbella, Spain, is hybrid, and collaborates with the Legal, Finance, Cybersecurity, and IT Support teams. Preferred: certifications such as CISA, CISM, ISO 27001 Lead Auditor/Implementer, or CRISC; experience in financial services or data analytics environments; and familiarity with tools such as Jira/Confluence and security tooling.
Required Qualifications
- 5+ years of experience in IT compliance, information security governance, or GRC roles
- Deep working knowledge of ISO 27001:2022 and SOC 2 frameworks
- Hands-on experience with certification and audit cycles
- Experience with GRC platforms (Vanta a strong plus)
- Solid understanding of risk management methodologies (ISO 27005, Magerit, or equivalent)
- Familiarity with GDPR and the EU AI Act in data-driven products and AI services
- Experience managing vendor security due diligence and third-party risk assessments
- Strong documentation and policy-writing skills
- Excellent English communication skills; Spanish is a plus