GRC Analyst & GRC Lead – Programme Risk & Assurance (Information Security)
We’re looking for experienced GRC Analysts and GRC Leads to join a leading global technology organisation’s Programme Risk & Assurance team within the Information Security function. These roles will support the delivery of a large-scale Governance, Risk & Compliance programme, helping strengthen information security governance, risk management, and control assurance across multiple international marketplaces.
Whether you’re an experienced GRC Analyst looking to take the next step or an established GRC Lead with stakeholder management and programme delivery experience, we’d love to hear from you.
General Conditions:
Employment Type: 4 Months – Contract
Location: Hybrid – Barcelona, Spain (Madrid considered)
Rate/Salary: TBC after discussion
Start: ASAP
Key Responsibilities:
Support and coordinate Information Security Governance, Risk & Compliance activities.
Conduct and support risk-led self-assessments against security control frameworks.
Review security controls, identify gaps, and support remediation planning.
Collect, review, and manage control evidence and compliance documentation.
Maintain trackers, action logs, reporting packs, and remediation plans.
Support internal audits, risk exception reviews, and stakeholder reporting.
Work closely with Information Security teams, control owners, auditors, and business stakeholders.
Facilitate workshops, follow up on actions, and drive programme delivery.
For GRC Leads, provide leadership, manage analyst activities, and deliver senior stakeholder-ready reporting.
Requirements:
Experience within Governance, Risk & Compliance (GRC), Information Security, IT Risk, Technology Risk, Internal Audit, Compliance, or Technology Assurance.
Experience performing risk assessments, control reviews, compliance activities, or IT control assessments.
Strong understanding of Information Security controls and governance.
Experience working with stakeholders across technical and business teams.
Excellent organisational, communication, and documentation skills.
Ability to manage multiple workstreams and deliver within a fast-paced environment.
Preferred Experience:
Experience with ISO 27001, NIST CSF, GDPR, NIS2, SOC 2, or similar security frameworks.
Experience using AuditBoard, Jira, or similar GRC and workflow platforms.
Knowledge of Identity & Access Management (IAM), Vulnerability Management, Third-Party Risk, Incident Response, Cloud Security, or Security Awareness.
Experience within Technology, SaaS, E-commerce, Marketplace, or Digital organisations.
Spanish-speaking candidates or those based in Barcelona are highly desirable.
If you’re a GRC Analyst or GRC Lead with a background in Information Security, Governance, Risk & Compliance, IT Risk, or Technology Assurance and are interested in your next contract opportunity, we’d love to hear from you.
Please send your CV to Khayelihle.Matshayana@darwinrecruitment.com
Darwin Recruitment is acting as an Employment Business in relation to this vacancy.
Khayelihle Matshayana