Information Security Specialist

Barcelona (hybrid)
Salary range: 50K - 58K

About the Role

We are seeking an experienced Information Security Specialist to strengthen our cybersecurity posture by safeguarding our digital products and enhancing the company’s Information Security Management System (ISMS).

In this role, you will work within cross-functional agile teams, ensuring that every product and process meets the highest security standards. You will play a key part in protecting data, embedding security into development workflows, and driving a culture of awareness and accountability across the organization.

---

 

Main Responsibilities

• Integrate security practices into development workflows, ensuring deadlines and compliance standards are met — bringing the “Sec” into DevOps.
  
• Operate, monitor, and continuously improve the internal ISMS.
  
• Foster and expand a security-first culture, managing initiatives such as the Security Champions program.
  
• Oversee both corporate and product-level security, producing reports and actionable insights for leadership.
  
• Manage and respond to security incidents and events, coordinating corrective and preventive measures.
  

---

 

Your Profile

• At least 4 years of experience in information security or risk management.
  
• Strong knowledge of security best practices, standards, and regulatory requirements.
  
• Proven ability to assess complex technical issues and define effective mitigation strategies.
  
• Deep understanding of software architecture, cloud environments, and microservice models.
  
• Experience in secure development and DevSecOps principles.
  
• Excellent collaboration and communication skills in English and Spanish.
  
• Capable of coordinating multiple teams to achieve shared security objectives.
  

---

 

Preferred Qualifications

• Development background in .NET, Kotlin, or Swift.
  
• Familiarity with Infrastructure as Code, containerization, and Kubernetes.
  
• Experience with Veracode tools (SCA/SAST).
  
• Security certifications such as CISSP or equivalent.
  
• Previous involvement in operating an ISMS and/or contributing to ISO 27001 certification processes.