Security Governance Specialist, Information Security Team (100% remote-friendly within Spain)
Barcelona, Spain
Docplanner
Company Description
Welcome to the good side of tech
You might have heard about us, but with a different name: Doctoralia. It all started 10 years ago, when we asked ourselves: is anyone in healthcare thinking about patients? We jumped in and we empowered patients by giving them access to leave and read reviews about their visit. We then provided doctors with the technology to manage bookings easily and save time, so they could devote themselves to what they always wanted: treating patients. And today is the day in which we ask you: wanna join us in the next step of making the healthcare experience more human?
Docplanner at scale
We are leaders in 13 countries so far, and more than 80 million patients trust us every month. 130.000 specialists believe in us and our product, and so do leading venture capital funds such as Point Nine Capital, Goldman Sachs Asset Management and One Peak Partners. And yet, employing over 2.500 people all over the globe, we managed to keep the startup-mindset we started with over 10 years ago.
How does Docplanner Tech fit here?
At Docplanner Tech we are a diverse group of over 400 people working in Engineering, Data, and Product teams. We are responsible for building the product for all locations. Many of us have been here for over 5 years, yet we still welcome each new person with great joy and excitement.
We could tell you about us, but we will let our reviews on Glassdoor speak for themselves. In case you'd like to see how it feels to be 100% yourself at work, here's a video of us.
And why should you join us?
Because it feels good to tell your family and your friends how you made the world a little bit better. You go to bed knowing that what you do matters, and that your talents align with your beliefs.
We want to make the healthcare experience more human, and that starts with you being you. We believe that taking the diversity of human experience into account makes a better healthcare experience for all. We're not just different: we embrace diversity. We will encourage you to come to work as your whole self, and that includes not coming to the office at all if you prefer not to, as we're 100% remote friendly.
Job Description
The Security Governance Analyst is a critical member of the Information Security team responsible for developing and maintaining the governance framework, policies, procedures, and standards that guide the organization's information security practices. The role is pivotal in ensuring that security efforts align with business objectives and comply with relevant regulations and industry standards.
Key Responsibilities
Policy and Procedure Development
- Develop and maintain information security policies, procedures, and standards in alignment with industry best practices, regulatory requirements, and organizational goals.
- Collaborate with stakeholders across the organization to ensure policies meet business needs while maintaining security standards.
Security Governance Framework
- Establish and manage the security governance framework, ensuring consistency and accountability in security practices.
- Define and communicate governance-related roles and responsibilities within the organization.
Compliance Management
- Assist in identifying and understanding regulatory requirements and standards relevant to the organization (e.g., SOC 2, ISO 27001).
- Ensure that security practices and policies align with compliance requirements and facilitate compliance assessments and audits.
Security Awareness
- Contribute to the development of security awareness programs and training materials.
- Collaborate with the Security Awareness and Training Specialist to educate employees about security policies and best practices.
Documentation and Reporting
- Maintain a repository of security policies, procedures, and standards.
- Prepare and distribute reports on compliance status, governance efforts, and security metrics to management.
Security Risk Management
- Integrate risk management principles across the business.
- Ensure that security governance efforts address identified risks appropriately.
Continuous Improvement
- Stay informed about emerging security threats, regulations, and best practices.
- Propose and implement improvements to the security governance framework based on industry trends and organizational needs.
Qualifications
- ISO 27001 Lead Auditor or Implementer certification is highly desirable (but not essential)
- Experience leading or taking part in internal and/or external audits
- 5+ years of experience in information security governance
- Knowledge of relevant security standards and frameworks (e.g., ISO 27001, NIST, SOC 2).
- Experience with continuous compliance tooling (e.g., Vanta or Drata)
- Strong understanding of regulatory requirements, such as GDPR
- Excellent communication and collaboration skills, with the ability to work across various departments.
- Strong analytical and problem-solving skills.
- Detail-oriented with a commitment to maintaining accuracy in documentation.
- Ability to adapt to a dynamic and fast-paced environment.
- Self-starter and free thinker
Additional Information
Let's talk money
- A salary adequate to your experience and skills between 53,000 and 70,000 euros. The range is broad so that we can accommodate our roles for all levels of experience, but we will show you the career ladder to explain where we see your skills and impact within the company. Your salary will be, now and always, 100% transparent to you;
- Flexible remuneration and benefits system via Flexoh, which includes: restaurant card, transportation card, kindergarten, and training tax savings;
- Share options plan after 6 months of working with us.
True flexibility and work-life balance
- Remote or hybrid work model with our hub in Barcelona;
- Flexible working hours (fully flexible, as in most cases you only have to be in a couple of meetings weekly);
- Summer intensive schedule during July and August (work 7 hours, finish earlier);
- 23 paid holidays, with exchangeable local bank holidays;
- Additional paid holiday on your birthday or work anniversary (you choose what you want to celebrate).
Health comes first
- Private healthcare plan with Adeslas for you and subsidized for your family (medical and dental);
- Access to hundreds of gyms for a symbolic fee, for you and your family, in partnership with Andjoy;
- Access to iFeel, a technological platform for mental wellness offering online psychological support and counseling.
Keep growing with us
- 20% time rule: spend 20% of your working hours on personal development related to your role and collaboration with other teams;
- Free English and Spanish classes.
We promote and embrace equal opportunities in our hiring process, and also every day at work. When you apply for our roles you receive equal treatment regardless of age, disabilities, gender reassignment, marital or civil partner status, pregnancy or parental status, race, colour, nationality, ethnic or national origin, religion or belief, sex, sexual orientation or any other dimension of human difference. If you require additional support in your recruitment process, we kindly encourage you to let us know. Behind those words you're reading, there's a person (hi!) who already helped a candidate by adapting the interviews, and now we're lucky to have this person with us. So, even if you've never asked for it before, may this serve as a sign that, now, you can do so. We can only truly be equal if we adapt to each other.
"We believe all humans, in all their beautiful diversity, should have equal rights, dignity and respect. Period." Mariusz Gralewski, CEO
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index
Tags: Audits Compliance GDPR Governance ISO 27001 NIST Risk management SOC SOC 2
Perks/benefits: Career development Equity Flex hours Health care Medical leave Parental leave Startup environment Wellness