🌐 About Us
At Nextlane, we don’t just develop software solutions – we create the future of the automotive industry.
We are a company that combines advanced technology with a clear vision: simplifying and digitizing every step of the automotive customer journey, empowering manufacturers and dealerships to thrive in a constantly evolving market.
We believe in the value of every team member, offering opportunities for you to develop and contribute to meaningful solutions.
So… What does it mean to be a #Nextlaner?
Be part of a growth-oriented culture.
Collaborate with colleagues from all over the world.
Believe in the power of ideas and the diversity of thought.
Be committed to providing an environment where you can learn, grow, and collaborate on projects that make a global impact.
Our success is measured not just by results, but also by the growth and satisfaction of those who are part of our company.
At Nextlane, you’ll have the opportunity to innovate, push boundaries, and work on solutions that are transforming the automotive world.
As a Senior Information Security Specialist you play a critical role in this transformation by owning and maturing the Governance, Risk and Compliance (GRC) domain within a small but impactful Cybersecurity organisation. This role directly contributes to enabling secure growth, meeting customer compliance expectations, and improving the organisation’s overall security posture.
To establish, lead, and continuously improve the GRC function, ensuring Nextlane meets internal, regulatory, dealer and OEM security requirements while enabling secure, scalable operations across the organisation.
This role ensures that policies, processes, and controls are defined, implemented, measured, and continuously improved, supporting:
A scalable, decentralised security model
A robust ISMS (ISO/IEC 27001-aligned)
Measurable security governance
Improved risk-based decision-making
Increased compliance readiness for OEM audits
🎯 Your Responsibilities:
As a key member of the team, you will be responsible for:
Governance and Security Policy Framework
Own, define, and maintain a scalable Information Security Management System (ISMS).
Develop clear, lean, and enforceable security policies, standards, and procedures aligned with industry best practices (ISO/IEC 27001, NIST CSF).
Establish governance rhythms and ensure policies are adopted across all technical and business teams.
Drive organisation-wide security culture, transparency, and accountability.
Risk Management
Build and maintain a centralised risk register to support structured risk-based decision making.
Facilitate regular risk assessments with teams, including Engineering, Product, Cloud, IT, and Professional Services.
Define risk treatment plans, track remediation progress, and report risk posture to leadership.
Enable teams to use risk management in daily work.
Compliance and OEM Requirements
Lead the organisation’s preparation for ISO/IEC 27001 certification or other OEM-mandated security requirements.
Support internal and external audits, ensuring evidence collection, process maturity, and corrective actions.
Partner with internal teams to answer security questionnaires and support RFP processes.
Ensure ongoing alignment with European regulatory frameworks, e.g., GDPR, NIS2.
Business Continuity and Disaster Recovery
Drive development and testing of DR/BCP plans.
Coordinate cross-team tabletop exercises and simulations.
Ensure tested, reliable, and documented DR capabilities aligned with business and customer expectations.
Awareness and Human Risk Reduction
Lead cybersecurity awareness programs, ensuring completion and measurable impact.
Partner with HR and IT to embed security in onboarding, offboarding, and operational processes.
Identity and Access Management Governance
Strengthen IAM processes including onboarding, offboarding, and periodic user access reviews.
Support adoption of least privilege principles and improve lifecycle maturity.
Reduce operational gaps tied to IAM audit deficiencies.
Collaboration and Cross-Functional Enablement
Work closely with Product, Engineering, Cloud, IT and Professional Services teams to integrate governance checks into technical workflows.
Partner with the DPO and Legal teams to ensure:
Alignment with GDPR and other industry-specific regulatory obligations.
Clear traceability between legal/compliance requirements and security controls.
Support definition, implementation, and governance of technical and organisational measures (TOMs).
Continuous monitoring and reporting of compliance-related security risks.
Act as a trusted advisor across multiple areas, helping teams understand security requirements, resolve ambiguities, and integrate governance in a practical and scalable way.
Promote a strong security culture, improving awareness, communication, and decentralised ownership of key practices across the organisation.
🕵️‍♂️ What We're Looking For:
5+ years in Information Security, preferably within Governance Risk and Compliance (GRC) roles.
Demonstrable ownership of ISMS development, risk management practices, and audit-readiness programs.
Experience working with GDPR-related processes, privacy governance, or supporting DPO/Legal functions.
Experience integrating AI-based tools into secure business processes (security controls, compliance workflows, or automation).
Experience in SaaS, cloud-native, or regulated environments preferred.
Experience working across international markets and culturally diverse, distributed teams, with the ability to operate effectively in complex, multi-country environments.
Experience in a PE-backed or transformation-intensive organisation.
Ability to evaluate the security and compliance implications of AI-driven operational efficiency initiatives, including:
Prioritisation of AI use cases from a risk and compliance perspective.
Operational impact of introducing AI into governance, monitoring, and audit processes.
Experience with OEM-driven security requirements and audit preparation.
Experience supporting DR/BCP, IAM process governance, and risk scoring methodologies.
Security certifications are a plus, e.g., CISM, ISO 27001 LA/LI, CISSP, CRISC.
Languages and Communication
English: Fluent.
Exceptional written and verbal communication skills, including the ability to:
Influence senior leaders without authority.
Produce clear executive memos and board-level materials.
💎 What We Offer:
We understand that flexibility and trust are essential for our teams. Here are some of the benefits we offer:
🏡 Hybrid Work: Rotational model, 2 days onsite, 3 days remote.
💰 Annual Payments: 14 payments per year (12 monthly payments + 1 summer bonus + 1 Christmas bonus in November).
🍽️ Meal Voucher: €10.20 per working day.
🌴 Vacation: 23 vacation days, plus 24th or 31st December off.
🗣️ Language Training: Access to group classes in Spanish, English, or French.
⚕️ Private Medical Insurance: Multicare coverage.
Teambuilding: Join us for memorable afterworks and team activities!
🌍 Diversity, Inclusion & Belonging
At Nextlane, we are committed to creating a space where everyone feels valued and respected. We firmly believe that diversity in experiences and backgrounds strengthens our culture and drives innovation.
Support for people with disabilities. If you need any adjustments during the recruitment process, let us know so we can provide the best possible experience.
Equal opportunities for all: We welcome applications regardless of age, gender, origin, disability, or any other characteristic protected by law.
Join Nextlane and become part of the technological revolution in the automotive industry.
Discover why we are a great place to develop your talent!