Cybersecurity expert grc

Sintra
Phiture
Posted on 15 January
Description

About Us

At Nextlane, we don't just develop software solutions – we create the future of the automotive industry. We are a company that combines advanced technology with a clear vision: simplifying and digitizing every step of the automotive customer journey, empowering manufacturers and dealerships to thrive in a constantly evolving market. We believe in the value of every team member, offering opportunities for you to develop and contribute to meaningful solutions.

So... What does it mean to be a #Nextlaner?

  • Be part of a growth-oriented culture.
  • Collaborate with colleagues from all over the world.
  • Believe in the Power of ideas and the diversity of thought.
  • Be committed to provide an environment where you can learn, grow, and collaborate on projects that make a global impact.

Our success is measured not just by results, but also by the growth and satisfaction of those who are part of our company. At Nextlane, you'll have the opportunity to innovate, push boundaries, and work on solutions that are transforming the automotive world.

Senior Information Security Specialist

As a Senior Information Security Specialist you play a critical role in this transformation by owning and maturing the Governance, Risk and Compliance (GRC) domain within a small but impactful Cybersecurity organisation. This role directly contributes to enabling secure growth, meeting customer compliance expectations, and improving the organisation's overall security posture.

To establish, lead, and continuously improve the GRC function, ensuring Nextlane meets internal, regulatory, dealer and OEM security requirements while enabling secure, scalable operations across the organisation.

This role ensures that policies, processes, and controls are defined, implemented, measured, and continuously improved, supporting:

  • A scalable, decentralised security model
  • A robust ISMS (ISO/IEC 27001-aligned)
  • Measurable security governance
  • Improved risk-based decision-making
  • Increased compliance readiness for OEM audits

Your Responsibilities

As a key member of the team, you will be responsible for:

Governance and Security Policy Framework

  • Own, define, and maintain a scalable Information Security Management System (ISMS).
  • Develop clear, lean, and enforceable security policies, standards, and procedures aligned with industry best practices (ISO/IEC 27001, NIST CSF).
  • Establish governance rhythms and ensure policies are adopted across all technical and business teams.
  • Drive organisation-wide security culture, transparency, and accountability.

Risk Management

  • Build and maintain a centralised risk register to support structured risk-based decision making.
  • Facilitate regular risk assessments with teams, including Engineering, Product, Cloud, IT, and Professional Services.
  • Define risk treatment plans, track remediation progress, and report risk posture to leadership.
  • Enable teams to use risk management in daily work.

Compliance and OEM Requirements

  • Lead the organisation's preparation for ISO/IEC 27001 certification or other OEM-mandated security requirements.
  • Support internal and external audits, ensuring evidence collection, process maturity, and corrective actions.
  • Partner with internal teams to answer security questionnaires and support RFP processes.
  • Ensure ongoing alignment with European regulatory frameworks, e.g., GDPR, NIS2.

Business Continuity and Disaster Recovery

  • Drive development and testing of DR/BCP plans.
  • Coordinate cross-team tabletop exercises and simulations.
  • Ensure tested, reliable, and documented DR capabilities aligned with business and customer expectations.

Awareness and Human Risk Reduction

  • Lead cybersecurity awareness programs, ensuring completion and measurable impact.
  • Partner with HR and IT to embed security in onboarding, offboarding, and operational processes.

Identity and Access Management Governance

  • Strengthen IAM processes including onboarding, offboarding, and periodic user access reviews.
  • Support adoption of least privilege principles and improve lifecycle maturity.
  • Reduce operational gaps tied to IAM audit deficiencies.

Collaboration and Cross-Functional Enablement

  • Work closely with Product, Engineering, Cloud, IT and Professional Services teams to integrate governance checks into technical workflows.
  • Partner with the DPO and Legal teams to ensure:
      • Alignment with GDPR and other industry-specific regulatory obligations.
      • Clear traceability between legal/compliance requirements and security controls.
      • Support definition, implementation, and governance of technical and organisational measures (TOMs).
      • Continuous monitoring and reporting of compliance-related security risks.
  • Act as a trusted advisor across multiple areas, helping teams understand security requirements, resolve ambiguities, and integrate governance in a practical and scalable way.
  • Promote a strong security culture, improving awareness, communication, and decentralised ownership of key practices across the organisation.

What We're Looking For

  • 5+ years in Information Security, preferably within Governance Risk and Compliance (GRC) roles.
  • Demonstrable ownership of ISMS development, risk management practices, and audit-readiness programs.
  • Experience working with GDPR-related processes, privacy governance, or supporting DPO/Legal functions.
  • Experience integrating AI-based tools into secure business processes (security controls, compliance workflows, or automation).
  • Experience in SaaS, cloud-native, or regulated environments preferred.
  • Working across international markets and culturally diverse, distributed teams, with the ability to operate effectively in complex, multi-country environments.
  • Experience in a PE-backed or transformation-intensive organisation.
  • Ability to evaluate the security and compliance implications of AI-driven operational efficiency initiatives, including:
      • Prioritisation of AI use cases from a risk and compliance perspective.
      • Operational impact of introducing AI into governance, monitoring, and audit processes.
  • Experience with OEM-driven security requirements and audit preparation.
  • Experience supporting DR/BCP, IAM process governance, and risk scoring methodologies.
  • Security certifications are a plus, e.g., CISM, ISO 27001 LA/LI, CISSP, CRISC.

Languages and Communication

  • English: Fluent.
  • Exceptional written and verbal communication skills, including the ability to:
      • Influence senior leaders without authority.
      • Produce clear executive memos and board-level materials.

What We Offer

We understand that flexibility and trust are essential for our teams. Here are some of the benefits we offer:

  • Hybrid Work: Rotational model, 2 days onsite, three days remote.
  • Annual Payments: 14 payments per year (12 monthly payments + 1 summer bonus + 1 Christmas bonus in November).
  • Meal Voucher: €10.20 per working day.
  • Vacation: 23 vacation days, plus 24th or 31st December off.
  • Language Training: Access to group classes in Spanish, English, or French.
  • Private Medical Insurance: Multicare coverage.
  • Teambuilding: Join us for memorable afterworks and team activities!

Diversity, Inclusion & Belonging

At Nextlane, we are committed to creating a space where everyone feels valued and respected. We firmly believe that diversity in experiences and backgrounds strengthens our culture and drives innovation.

  • Support for people with disabilities. If you need any adjustments during the recruitment process, let us know so we can provide the best possible experience.
  • Equal opportunities for all: We welcome applications regardless of age, gender, origin, disability, or any other characteristic protected by law.

Join Nextlane and become part of the technological revolution in the automotive industry. Discover why we are a great place to develop your talent!
