IT Risk and Compliance Consultant

About Ryanair Labs

Ryanair Labs is the technology brand of Ryanair, Europe's largest airline group. We are a state-of-the-art digital & IT innovation hub dedicated to creating Europe's leading travel experience for our customers. This is an exciting time to join us as we plan to expand our operations significantly over the next decade.

The Role

We are seeking an experienced IT Risk & Compliance Consultant to enhance our PCI DSS and SOX compliance programs within a dynamic technology environment. You will play a key role in maintaining PCI DSS compliance and supporting essential SOX IT control activities across our IT infrastructure.

Responsibilities

• Lead and manage the PCI DSS compliance program, including control operations, evidence management, audit coordination, and remediation.
• Collaborate with internal teams and QSAs to ensure PCI DSS requirements are integrated into systems, processes, and technical designs.
• Support SOX IT control activities and lead the implementation of new controls as needed.
• Provide practical guidance to IT and engineering teams on control design, risk mitigation, and compliance best practices.
• Conduct continuous monitoring and risk assessments to ensure control effectiveness.
• Maintain comprehensive and clear compliance documentation, policies, and procedures.

Requirements

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or a related field.
• Minimum of 4 years of experience in IT risk, compliance, or security, with hands-on experience in PCI DSS, ISO27001, or NIST.
• At least 3 years of experience supporting SOX IT control activities.
• Strong understanding of IT general controls, cloud technologies, IAM, and change/release processes.
• Proven experience working with internal and external auditors.
• Excellent communication and reporting skills, with the ability to collaborate effectively with technical teams.
• One or more relevant certifications such as CISA, CISSP, CCSP, CISM, CRISC, PCI ISA/QSA, or PCI-P is required.

Nice To Have

• Experience with control automation or utilizing AI tools for compliance efficiency is a significant advantage.

Benefits

• Promote innovation with Agile teams and frequent PoCs for new technologies.
• Competitive and flexible technical career path.
• Hybrid working model: up to three days remote per week, with an excellent work environment in our modern Madrid offices.
• Optional health insurance discounts.
• Travel discounts.

Key skills/competency

• IT Risk Management
• PCI DSS Compliance
• SOX IT Controls
• Information Security Frameworks (ISO27001, NIST)
• IT General Controls
• Cloud Security
• Identity and Access Management (IAM)
• Auditing
• Risk Assessment
• Compliance Documentation