Do you want to play a key role in strengthening the digital resilience of a leading Top Employer in Spain?

New technologies, regulatory changes and emerging cyber‑risks are transforming how organisations protect their customers and operations. At Nationale‑Nederlanden, the mission is clear: stay ahead through secure, responsible and future‑proof ways of working.

The Information Risk Management (IRM) function sits at the heart of this mission. This role enables the organisation to understand IT risks, navigate complex regulations and implement robust controls, working closely with technology, security and business teams.

Purpose of the role

The position forms part of the Second Line of Defense, ensuring the organisation identifies and manages information and technology risks effectively. You will translate complex security and regulatory developments into clear, actionable guidance so the organisation can operate securely and confidently.

Key responsibilities
  • Monitor the implementation of IT security policies, standards and frameworks (COBIT, ISF, ISO 27001, ISO 27002).
  • Interpret and explain regulatory requirements (GDPR, DORA, AI Act, EIOPA).
  • Assess the design and effectiveness of IT controls, processes and architectures.
  • Analyze outcomes from penetration testing, vulnerability scanning and threat modelling.
  • Support IT risk assessments for projects and major technology changes.
  • Review security alerts and ensure adequate remediation.
  • Perform vendor risk assessments with asset owners.
  • Follow up on remediation from audits and compliance assessments.
  • Analyze IT incidents and contribute to lessons learned.
  • Advise senior management and business units on IT risk and information security topics.
  • Contribute to AI‑related initiatives from a risk‑management perspective.

Ready to help shape the future of secure and innovative digital operations at Nationale‑Nederlanden? If this role aligns with your experience and ambitions, we’d be happy to meet you.

What you will enjoy

  • Hybrid work model and flexible schedule.
  • A stable, high‑impact role within a growing, innovative organisation.
  • Continuous learning and support for security certifications.
  • Participation in strategic initiatives (AI governance, DORA, GDPR, cloud, emerging technologies).
  • Life insurance, pension plan and flexible compensation.
  • Telework and meal allowance, wellness programme and volunteering.
  • Free parking for car, electric charging, motorbike and bicycle.
  • Digital culture and agile methodologies.
  • Recognised as Top Employer Spain.

What will help you succeed

  • At least 4 years of experience in IT Risk Management, Information Security, IT Audit, or similar fields.
  • Strong understanding of security frameworks, regulatory environments and risk‑management practices.
  • Ability to translate technical cybersecurity risks into clear guidance.
  • Confidence working with both technical and business stakeholders.
  • Analytical mindset and a proactive approach to improvement.
  • English proficiency to collaborate with international teams.
NN Group
