Information Security & Compliance Associate

Indivi Technologies SL· Córdoba, Spain· personio· publicada el 07/07/2026
Imprescindible:AWSGoogle CloudCloudSecurityLead
Your mission Indivi  is a TechBio company enabling precision and personalised medicine to become a reality in neuroscience research and development. We are going through significant growth and looking for new team members who want to contribute to making our vision —  making measurable what is not so  — a reality. Your profile As an Information Security & Compliance Associate, you will be responsible for the day-to-day maintenance and continuous improvement of Indivi's Information Security Management System (ISMS) in accordance with ISO 27001, while also supporting the management and ongoing development of our Quality Management System (QMS) under ISO 13485. You will play a key role in executing the ISMS Annual Compliance Plan, maintaining security and compliance documentation within Jira and Confluence, coordinating evidence collection for audits, and supporting the identification, tracking, and remediation of security risks, vulnerabilities, and compliance actions in a fast-paced TechBio environment. This is an onsite position that will initially be offered on a part-time basis (20 hours per week) for the first six months. Subject to satisfactory performance and business needs, the role may transition to a full-time position thereafter. Key Responsibilities ISMS Operations & Compliance: ISMS Operations:  Lead the execution of regular ISMS tasks in Jira. You will ensure that monthly controls (access reviews, backup verifications, log monitoring, etc.) are executed on time and documented. Continuous Improvement (NC & CAPA):  Identify process gaps, document Non-Conformities (NC), and track Corrective and Preventive Actions (CAPA) until closure. Risk & Vulnerability Management:  Assist the ISO in updating the Risk Register (scenario-based Risk Model). Coordinate with technical departments for the remediation of vulnerabilities identified in security scans. Audit Readiness:  Act as a key contributor during Internal Audits and External ISO 27001/13485 surveillance audits. Documentation Governance:  Manage policies and SOPs in Confluence, ensuring compliance with FDA 21 CFR Part 11 (electronic signatures). Data Privacy & Governance:  Support the DPO in maintaining the RoPA and coordinating DPIAs/BIAs. Necessary Competence (education qualification): Experience:  1-2 years in Information Security, IT Audit, or Quality Assurance roles. Education:  Degree in Computer Science, Cybersecurity, or related technical field. Needed skills: Industry-Specific Skills: Solid understanding of  ISO 27001:2022 . and  GDPR/HIPAA  compliance in a TechBio environment. Basic understanding of  ISO 13485:2016 ,  ICH-E6 (GCP) ,  CSV  (Computerised System Validation) and SBOM management. Technical Stack: Proficiency in  Atlassian Suite  (Jira, JSM & Confluence). Familiarity with  SIEM  tools (Wazuh) and Vulnerability Scanners. Basic knowledge of  AWS  Cloud security and  MDM  (Mosyle). Soft Skills:  High attention to detail (documentation rigour), analytical mindset, and ability to work in a regulated environment (GCP). Languages: Spanish:  Native/Bilingual (for local office collaboration). English:  Professional working proficiency (B2/C1) for all documentation and international stakeholder communication. What to Expect: Your Learning & Development Path We do not expect you to master all these responsibilities from day one. This role is designed with a long-term learning roadmap to help you build a solid foundation in TechBio compliance. You will be continuously mentored by the Information Security Manager, who will provide personalised, 1-on-1 training sessions and ongoing guidance to ensure your success and professional growth within our dual ISO 27001 and ISO 13485 environment. Role Roadmap & Key Priorities First 3 Months (Immediate Priority):  Your primary focus will be driving the transition and adaptation of our ISMS documentation to align with our Quality Management System (QMS). This will involve heavy use of SoftComply Document Manager (an Atlassian Confluence add-on) to ensure all policies and procedures meet strict regulatory standards. Beyond 3 Months (Long-Term Focus):  Once the documentation transition is established, your core focus will shift to the operational execution of the ISMS Annual Compliance Plan, managing regular security tasks, and ensuring continuous audit readiness.