Maisa AI
At Maisa, we're tackling one of the most significant challenges in enterprise AI: establishing trust. Our platform revolutionizes the way enterprises automate knowledge work with reliable Digital Workers that operate without production failures or the restrictions of traditional automation. We are leading the way in Agentic Process Automation for regulated sectors like banking and healthcare, ensuring that our Digital Workers deliver trusted, verifiable, and compliant results.
We are on the lookout for a GRC / Security Lead to develop and uphold robust, compliant, and secure systems that instill confidence in our customers, partners, and auditors. You will play a pivotal role at the crossroads of technology, legal requirements, and operations, ensuring that our product integrity and security posture are demonstrable. Your responsibilities will include establishing a comprehensive security foundation from scratch, implementing scalable compliance frameworks as we grow, and serving as the trusted face of security for our customers and partners. This role will report directly to the COO and collaborate closely with the executive team across all domains.

What You'll Do
Governance (G): Policy, Structure & Ownership
Develop comprehensive security policies addressing data classification, access control, vendor management, and incident response.
Create unified governance frameworks that align the organization with best security practices.
Define distinct roles and responsibilities for information security processes across teams.
Ensure alignment through employee onboarding, security training, and thorough documentation.

Risk Management (R): Identification, Tracking & Mitigation
Conduct detailed risk assessments encompassing infrastructure, vendor relationships, and internal operations.
Own and sustain the enterprise risk register with clear mitigation strategies and timelines.
Execute regular third-party vendor assessments for data security (including cloud services like AWS, AI solutions like OpenAI APIs, and SaaS tools).
Implement risk monitoring procedures with ongoing reporting to executive leadership.

Compliance (C): Controls, Audits & Evidence
Lead compliance certification efforts (SOC 2, ISO 27001, GDPR) along with industry-specific obligations.
Maintain auditable records through logging, access reviews, vulnerability scanning, and control assessments.
Coordinate with external auditors and manage compliance automation tools.
Update and monitor data privacy and security controls across all functions.
Ensure ongoing compliance through regular control evaluations and gap analysis.

Client-Facing Security Support
Address security questionnaires and manage automated response systems for efficiency.
Act as primary security contact for RFPs, due diligence, and vendor security assessments.
Conduct security review calls with clients' legal, IT, and procurement teams.
Keep Trust Center content and security documentation updated for customer transparency.
Support sales through security materials and competitive positioning.

What You Bring
Required Experience
3-5 years in security operations, technical program management, or DevOps/Infrastructure.
In-depth knowledge of compliance frameworks (SOC 2, ISO 27001, GDPR, HIPAA).
Experience in cloud security architectures and advanced technology stacks.
Documented success in managing various concurrent security initiatives.

Core Skills
Ability to interpret legal/regulatory requirements and translate them into technical security measures.
Exceptional documentation and project management skills.
Outstanding communication abilities for interaction with technical teams, executives, and external parties.
Analytical capability for risk evaluation and control effectiveness.

Preferred Qualifications
Professional certifications (CISSP, CISA, CISM, or equivalent).
Experience in a startup or a high-growth company.
Exposure to AI/ML security considerations and data protection.
Background in customer-facing security roles or consultancy.

What Success Looks Like
First 90 Days: Evaluate current security posture and prioritize immediate actions. Establish foundational security policies and procedures. Implement compliance automation tools and initiate evidence collection.
Year 1: Secure SOC 2 Type I certification. Create an efficient security questionnaire response mechanism. Develop a robust risk management program with executive reporting. Facilitate rapid customer security assessments and onboarding processes.
Year 2: Achieve SOC 2 Type II certification and acquire additional compliance certifications. Scale security processes to meet significant business growth. Enhance customer security enablement capabilities. Integrate security into a competitive advantage for the organization.

Why You'll Love This Role
Direct Impact: Build our security program from the ground up and witness tangible results.
Customer-Facing: Engage directly with customers and partners as the trusted security representative.
Strategic Influence: Report to the COO and shape company-wide security strategies.
Growth Opportunity: Advance with the company and develop a security team as we expand.
Cutting-Edge: Work with innovative compliance automation tools and next-gen security technologies.

What we offer
Competitive salary with meaningful equity participation.
Budget for professional development, including certifications and training.
Clear promotional path with the potential to build and lead a security team.
A collaborative culture where your expertise directly contributes to our success.

Location: Madrid or Remote