Information Security & Compliance Officer

Location: Barcelona, Spain

Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

Thales in Spain is a leader in technological solutions applied to Defence, Aeronautics, Security, Transportation and Space and, furthermore, is a global centre for excellence in Space, Security of Critical Infrastructures and Transportation. With a turnover of €320 million and a staff of 1,200, it exports approximately 40% of its total production principally to the Middle East, North Africa and Latin America.

Thales Cybersecurity & Digital Identity is a global leader in digital security, bringing trust to an increasingly connected world. We design and deliver a wide range of products, software and services based on two core technologies: digital identification and data protection.

As part of an increase in activity, we are looking for a Information Security & Compliance Engineer, based in Barcelona, Parets del Valle. As part of the team you will be responsible to:

Coordination

• Execute and manage site-level audit readiness activities, including evidence collection, walkthrough preparation, and action tracking.
• Ensure coordination with IT Operations, Physical Security, and Production/Operations to verify that controls are correctly executed and evidenced.
• Interface with corporate security stakeholders and approved service providers to align on requirements, timelines, and evidence expectations, ensuring delivery at site level.

Communication & Awareness

• Advise and support site users and stakeholders on logical security requirements, secure practices, and audit expectations relevant to their activities.
• Reinforce a practical security culture through targeted awareness actions aligned to observed gaps and audit findings.
• Escalate risks, deviations, and recurring control failures through defined reporting paths, supported by clear evidence.
• Maintain clear documentation and traceability of requirements, control execution, evidence, and remediation actions.

Risk Management

• Maintain active visibility of information security risks and non-conformities within scope (e.g., missed controls, audit gaps, recurring failures, overdue remediation).
• Define and track remediation actions to closure with accountable owners, ensuring evidence of resolution is maintained.
• Support incident handling by collecting facts, preserving evidence, and contributing to analysis and reporting as required.

Regulation & Compliance

• Maintain and update site-level logical security procedures and operational instructions aligned with corporate and regulatory requirements.
• Execute and support internal and external audits (GSMA/PCI/internal), including preparation, participation, direct evidence presentation, and action closure.
• Ensure all compliance activities within scope are executed as defined, evidenced appropriately, and continuously audit-ready.

Experience, Knowledge & Skills

• Bachelor’s degree in Information Security, Information Technology, Engineering, or related field
• English proficiency
• High level of Spanish
• Minimum 5 years in a similar or progressive ITSEC / security compliance role
• Proven experience in security and compliance operations within Windows-centric enterprise environments
• Strong experience in security control execution, verification, and audit evidence management
• Hands-on involvement in vulnerability management lifecycle tracking and validation
• Experience working with enterprise productivity and documentation tools (MS Office, SharePoint, Confluence) Information Security & Compliance Execution
• Executes and verifies logical security controls, ensuring all required activities are performed on schedule and evidenced appropriately.
• Prepares and participates in audits, supports walkthroughs, and ensures findings and remediation actions are tracked and closed with proper evidence.
• Tracks, validates, and evidences remediation activities; escalates delays, risks, and blockers.
• Executes and verifies access reviews and privilege controls, ensuring traceability and evidence retention.
• Identifies deviations and non-conformities; supports incident evidence handling and structured reporting.
• Translates security and compliance requirements into operational actions and communicates clearly with IT, Operations, and auditors.

What do we offer?

·        Flexible working hours.

·        Intensive working days on Fridays and during summer.

·        Remote-friendly – 2 days a week working from home.

·        Restaurant allowance and social benefits (health insurance, kindergarden).

​Thales is a company committed to equal opportunities between women and men, and for this reason, we work to raise awareness and disseminate information on the subject both internally and externally.

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!