Information Security GRC Analyst

Confirmed live in the last 24 hours

OneTrust

Madrid, Spain

On-site

Posted April 24, 2026

Job Description

Strength in Trust

OneTrust’s mission is to enable innovation through the responsible use of data and AI. We believe that ensuring data is trusted shouldn’t slow teams down—it should accelerate what’s possible. This led us to develop the first technology platform for responsible data use in 2016. Today, with AI representing the latest and most impactful expansion of data yet, OneTrust is once again redefining what responsible innovation looks like. OneTrust, the AI‑Ready Governance Platform™, unifies regulatory intelligence, automation, and connected governance workflows so businesses can continue to move at the speed of AI while ensuring good governance to prevent data misuse at scale. Trusted by thousands of organizations worldwide, OneTrust is shaping the future where trusted data becomes a transformative force for business and society.

The Challenge

We are looking for a dynamic Information Security GRC Analyst to support IT and InfoSec by performing various governance, risk, and compliance activities as part of the OneTrust InfoSec GRC team.

Your mission

Customer Security Assurance & Questionnaires
- Own a high volume of end-to-end completion of customer security questionnaires (CAQs), RFP security sections, and other assurance artifacts (e.g., SIG, CAIQ, custom questionnaires).
- Provide accurate, consistent, and defensible responses by leveraging internal evidence repositories (SOC reports, ISO certificates, policies, standards, diagrams, pen test summaries, etc.).
- Partner with internal stakeholders (Sales, Marketing, Customer Success, Security, Engineering, Privacy, Legal, Compliance, Product) to validate responses and resolve gaps.
Customer Engagement & Security Discussions
- Meet with customers and prospects to explain security controls, risk posture, and compliance commitments.
- Present security topics with confidence and clarity—tailoring depth for technical and non-technical audiences.
- Support Sales and Customer Success by addressing security objections, clarifying customer audit scope, and enabling procurement cycles.
Contract & Security Review
- Perform security reviews of contracts, DPAs, security addenda, and customer security terms.
- Identify security requirements, non-standard obligations, and risk areas; propose mitigations and collaborate with Legal and Security leadership on negotiation positions.
- Track contractual security commitments and help ensure they are operationally feasible and aligned with control coverage.
Operational Excellence
- Improve team efficiency through standardization, playbooks, and continuous refinement of response libraries.
- Demonstrated ability to manage, prioritize, and execute a high volume of concurrent requests with accuracy and consistency, while meeting SLAs and maintaining quality standards in a fast-paced environment.
- Contribute to internal readiness by keeping evidence current, identifying control documentation gaps, and recommending process improvements.

You Are

- 2-5 years of relevant experience in information security, security compliance, GRC, security assurance, third-party risk, or customer trust functions.
- Demonstrated experience responding to customer security questionnaires and security due diligence requests.
- Familiarity with common frameworks and attestations: SOC 2, ISO 27001, NIST,