Global Information Security & GRC Manager

About SAMY

SAMY is a global network of independent marketing and communications agencies, using research, technology, strategy, creativity, and performance to deliver impactful, data-driven solutions and drive growth for brands. With over 1000 employees in 15+ offices across 18 countries (Europe, U.S., Latin America) and operating in 55 markets, SAMY serves over 100 leading clients, specializing in award-winning, end-to-end digital campaigns.

SAMY is strengthening its global Information Security and Governance, Risk & Compliance (GRC) function. We are looking for a Global Information Security & GRC Manager to lead, structure, and evolve our security and compliance landscape across all SAMY entities.

This is a key leadership role responsible for organizing IT security fundamentals (laptops, antivirus, access control, policies), coordinating and challenging external providers, setting global standards, and ensuring consistent compliance across countries.

The ideal candidate may come from a CISO, Information Security Manager, or GRC Manager background, or be a strong security professional ready to grow into a senior leadership role. What matters most is the ability to bring structure, ownership, and direction in a complex, international environment.

Mission

Global Information Security Leadership

• Own and lead Information Security and GRC for all SAMY entities globally, not just local environments

• Define, implement, and maintain global security policies, standards, and guidelines

• Ensure consistent security practices across laptops, devices, antivirus, access management, and data protection

• Act as the main point of contact for all information security-related topics within SAMY

Governance, Risk & Compliance (GRC)

• Establish and manage a structured GRC framework across the organization

• Identify, assess, and mitigate information security risks

• Organize and lead internal and external audits, including audits of German headquarters and other European entities

• Ensure compliance with relevant regulations (e.g., GDPR) and internal corporate standards

• Prepare management-level reporting on security posture, risks, and remediation plans

External Provider Management

• Take ownership of the relationship with external IT security and compliance providers

• Evaluate existing outsourced services and bring activities back under internal control where appropriate

• Coordinate, steer, and challenge external partners to ensure quality, efficiency, and alignment with SAMY standards

Operational & Cross-Functional Coordination

• Work closely with local teams in Madrid (including Office Management, Local Administration, and HR)

• Collaborate with key stakeholders such as Blanca, Gonzalo, Joseph, and European leadership teams

• Support local offices while maintaining a global corporate perspective

• Act as a trusted advisor to management on security, compliance, and risk topics

Audits, Travel & Continuous Improvement

• Travel regularly to SAMY locations across Europe to conduct audits and assessments

• Identify gaps, drive remediation actions, and ensure follow-up

• Continuously improve security maturity and operational efficiency

• Build awareness and promote a strong security culture across the organization
  
  

Skills Requirements

• Proven experience in Information Security, IT Security, GRC, or Compliance

• Background as a CISO, Information Security Manager, GRC Manager, or similar role is a strong advantage

• Experience working in a multi-country, corporate, or international environment

• Strong understanding of security governance, risk management, and compliance frameworks

• Experience managing and coordinating external vendors and service providers

• Ability to structure, organize, and build processes where little existed before

• Willingness to travel internationally

• Strong leadership and stakeholder management skills

• Ability to operate both strategically and hands-on

• Excellent organizational and coordination capabilities

• Confident communicator, able to interact with technical and non-technical stakeholders

• Proactive, pragmatic, and solution-oriented mindset

• Comfortable growing into increased responsibility over time

• Fluent English (mandatory – CVs must be submitted in English)

• Fluent Spanish (mandatory)

• Based in Madrid (preferred), with close collaboration with local teams

Cultural Fit
If you are kind, collaborative and driven by excellence, you will thrive here. We work without silos or egos, we give sharp feedback, and we execute with precision towards shared goals. If you take ownership of your decisions, your performance and your results, this is your place.

Benefits

• Flexible schedule and hybrid work options

• Internal Mobility, Referral Program

• 24th and 31st December holidays & celebrate your birthday with a day off