Security Compliance and Privacy Lead

Security Compliance & Privacy Lead

Tunstall Healthcare Group is seeking a Security Compliance & Privacy Lead to join our growing global Information Security team. Reporting to the Head of Governance, Risk & Compliance, this role is crucial for the development, implementation, and continuous evolution of our information security policies, standards, and control framework across all geographies and business units. You will ensure alignment with international compliance standards and regulatory requirements during an exciting period of transformation for Tunstall.

About Tunstall

Tunstall is a market-leading health and care technology provider dedicated to delivering life-saving and life-changing technology and services to millions worldwide. We are passionate about fostering a diverse and inclusive environment where every colleague is valued and celebrated for their unique contributions. Join our One Tunstall team and be part of our mission.

Key Responsibilities

• Act as the subject matter expert and advisor on information security compliance and regulatory matters (ISO 27001, NIST, Cyber Essentials, NIS2, Esquema Nacional de Seguridad, CRA, GDPR, and other applicable frameworks).
• Ensure Tunstall’s security posture aligns with current and emerging regulatory requirements across all operating regions.
• Define and develop the information security policy framework, ensuring policies, standards, and procedures are current, comprehensive, and aligned with international best practices and regulatory requirements.
• Communicate and socialize the policy framework across the organization.
• Maintain deep knowledge of existing and emerging regulatory requirements and compliance standards, advising stakeholders to support compliance roadmap development.
• Design and develop the information security control framework based on industry standards and regulatory requirements.
• Track, coordinate, and manage internal and external audits across all countries and regions.
• Organize and participate in audit activities, serving as the Point of Contact to ensure consistency and alignment with established protocols.
• Monitor and report on compliance and effectiveness of controls, identifying gaps and developing remediation strategies.
• Prepare and present comprehensive reports on compliance status, audit findings, and remediation progress to senior stakeholders.

The Ideal Candidate

• Significant experience working as a policy owner and partnering with Data Protection Officers (DPOs).
• Good understanding of Spanish Local Information Security Regulations.
• Experience running/managing both internal and external audits.
• Proven experience in information security compliance, audit, or related roles in complex, multinational organizations.
• Proven experience managing security compliance programs and building/evolving security control frameworks in multinational environments.
• Deep understanding of information security standards and regulatory frameworks (ISO 27001, NIST, Cyber Essentials, NIS2, Esquema Nacional de Seguridad, CRA, GDPR, and others).
• Proven experience coordinating and leading audit activities (internal and external) across multiple geographies.
• Experience developing and maintaining information security policies, standards, and procedures.
• Excellent written and verbal communication skills.
• Strong stakeholder management and influencing capabilities in multicultural, complex organizational environments.
• Ability to manage complexity and make sound decisions under uncertainty.
• Bachelor's degree in Information Security, Computer Science, Computer Engineering, Mathematics, Business Administration, Law, or similar.
• English: CEFR C1.

What We Offer

• Hybrid Working
• Competitive salary + potential bonus
• Access to a Talent Library with over 800 courses, and learning platforms like Udemy or O’Reilly.
• A warm and welcoming team environment.
• A chance to build a rewarding career.

Desirable Skills And Experience

• Professional certifications (e.g., CISA, CRISC, ISO 27001 Lead Auditor).
• Experience with GRC tools and platforms.
• Experience in healthcare, critical infrastructure, or regulated industries.

Equal Opportunities at Tunstall

We are committed to building a diverse team and welcome applications from people of all backgrounds, experiences, and abilities. Our recruitment process is open, fair, and inclusive.

Key Skills/competency

• Information Security Compliance
• Privacy Lead
• Policy Framework Development
• Regulatory Requirements
• ISO 27001
• NIST
• GDPR
• Auditing
• Risk Management
• Stakeholder Management