Job Description

Location - Barcelona, Remote

Manage the risk. Fix the gaps. Build what works.

At Nivoda, we're not just managing risk — we’re building resilient foundations that power a global, fast-scaling business. As an IT Security Officer, you’ll roll up your sleeves to identify control gaps, design solutions, and deliver them end to end. No hand-offs, no theoretical frameworks — this is a hands-on, execution-first role for someone who wants to build real impact.

You’ll work directly with teams across Tech, Product, Ops, Risk and Senior Leadership to strengthen how we operate — from process design to system safeguards, vendor risk to business continuity. You’ll help us go faster, more securely, and with total confidence in the foundations we're building.

What you’ll do:

• Drive End-to-End Security Solutions: Own and execute IT security and business continuity risk initiatives from identification to implementation. Don’t just flag issues — fix them by collaborating across teams and seeing solutions through to resolution.
• IT Control Design & Testing: Conduct deep-dive IT control assessments and test the design and operating effectiveness of IT and Security controls across the business. Translate findings into smart, practical improvements that teams can actually adopt.
• Strengthen System Classification & Security: Run CIA assessments to classify systems and test appropriate security controls are in place. Work with system owners, Engineering, Data and Product to ensure controls are designed and implemented, not patched later.
• Security of PII data and GDPR Compliance: Work closely with engineering, system owners and infrastructure teams to ensure security controls around PII data are correctly implemented within IT systems—through privacy design reviews, technical validations, and periodic audits of access, encryption, logging, and data handling configurations.
• Build and Own Business Continuity Plans: Improve, test and maintain Business Continuity and Disaster Recovery Plans (BCP/DRP) across critical functions. Run regular scenario-based continuity tests to validate readiness, backup effectiveness and recovery times. Ensure teams know what to do — and that it actually works when tested.
• Improve Security Monitoring and Incident Readiness: Support implementation and build reporting of security monitoring tools (e.g., SIEM, endpoint protection, access logs). Work with engineering to define indicators of compromise (IoCs) and automate alerting and follow up. Participate in incident response and continuously improve playbooks.
• Control Security Vendor Risk with Confidence: Evaluate third-party providers, own and perform IT Security risk assessments for contract owners, and make sure we have real continuity, not just paper guarantees.

• Minimum 3 years experience in IT Security, business continuity management, and/or IT Risk Management.
• Experience in a start or scale up is preferred.
• Ability to turn and explain a complex situation into something simple, strong, and scalable.
• Work fast and get things done — without compromising on detail.
• Speak the language of both tech and operations.
• Thrive in a high-growth, high-trust environment where execution matters.
• Certifications such as CISM, CISA, ISO27001, CBCP, or CDRE are desirable.