GRC Security Consultant

About the GRC Security Consultant Role at Fujitsu

Fujitsu is seeking a skilled GRC Security Consultant to join their team in Barcelona. This hybrid role involves ensuring compliance with various security standards and regulations, conducting audits, managing risks, and contributing to incident response.

You will be an integral part of our security team, helping to protect critical systems and data, and ensuring our operations adhere to the highest security and governance standards.

Key Responsibilities

• Organize and ensure compliance with applicable regulations such as GDPR, ENS, NIS2, ISO, and CCN guidelines.
• Design, monitor, and implement compliance plans for NIS2, ENS, ISO27001, GDPR, and other security standards.
• Conduct internal and external security compliance audits (ENS, ISO27001, NIS2, GDPR).
• Identify operational, technological, and legal cybersecurity risks, define controls, tests, and evidence, and propose/monitor mitigation plans.
• Collaborate effectively in incident response activities.

Required Qualifications and Experience

Candidates must demonstrate experience/knowledge in at least four of the following areas:

• Organization and assurance of compliance with applicable regulations (GDPR, ENS, NIS2, ISO, CCN guidelines).
• Design, monitoring, and implementation of compliance plans (NIS2, ENS, ISO27001, GDPR).
• Internal and external security compliance audits (ENS, ISO27001, NIS2, GDPR).
• Detection of operational, technological, legal cybersecurity risks; definition of controls, tests, evidence; proposal and monitoring of mitigation plans.
• Collaboration in incident response.

Additionally, candidates should possess:

• ISO27001 Lead Auditor, ISO22301 Lead Auditor certification or similar.
• Fluent spoken and written Catalan (bilingual with Spanish).
• Minimum English level B2.
• At least 4 years of accredited experience in technological systems, with at least 3 years specifically in governance, risk, and security compliance.
• University degree in Computer Science, Communications, Law, Business Administration, or similar fields.

Valuable Skills

• Knowledge/experience in business continuity plans (BCP) and Disaster Recovery Plans (DRPs).
• Knowledge/experience in Third-Party Risk Management (TPRM).
• English certification level B2/C1.

Work Arrangement

This is a hybrid position requiring 60% on-site presence within the metropolitan area of Barcelona.

Key Skills/Competency

• GRC
• Cybersecurity
• ISO27001
• GDPR
• NIS2
• ENS
• Risk Management
• Compliance Auditing
• Incident Response
• Business Continuity