Global Information Security & GRC Manager
About SAMY
SAMY is a global network of independent marketing and communications agencies, using research, technology, strategy, creativity, and performance to deliver impactful, data-driven solutions and drive growth for brands. With over 1000 employees in 15+ offices across 18 countries (Europe, U.S., Latin America) and operating in 55 markets, SAMY serves over 100 leading clients, specializing in award-winning, end-to-end digital campaigns.
SAMY is strengthening its global Information Security and Governance, Risk & Compliance (GRC) function. We are looking for a Global Information Security & GRC Manager to lead, structure, and evolve our security and compliance landscape across all SAMY entities.
This is a key leadership role responsible for organizing IT security fundamentals (laptops, antivirus, access control, policies), coordinating and challenging external providers, setting global standards, and ensuring consistent compliance across countries.
The ideal candidate may come from a CISO, Information Security Manager, or GRC Manager background, or be a strong security professional ready to grow into a senior leadership role. What matters most is the ability to bring structure, ownership, and direction in a complex, international environment.
Mission
Global Information Security Leadership
Own and lead Information Security and GRC for all SAMY entities globally, not just local environments
Define, implement, and maintain global security policies, standards, and guidelines
Ensure consistent security practices across laptops, devices, antivirus, access management, and data protection
Act as the main point of contact for all information security-related topics within SAMY
Governance, Risk & Compliance (GRC)
Establish and manage a structured GRC framework across the organization
Identify, assess, and mitigate information security risks
Organize and lead internal and external audits, including audits of German headquarters and other European entities
Ensure compliance with relevant regulations (e.g., GDPR) and internal corporate standards
Prepare management-level reporting on security posture, risks, and remediation plans
External Provider Management
Take ownership of the relationship with external IT security and compliance providers
Evaluate existing outsourced services and bring activities back under internal control where appropriate
Coordinate, steer, and challenge external partners to ensure quality, efficiency, and alignment with SAMY standards
Operational & Cross-Functional Coordination
Work closely with local teams in Madrid (including Office Management, Local Administration, and HR)
Collaborate with key stakeholders such as Blanca, Gonzalo, Joseph, and European leadership teams
Support local offices while maintaining a global corporate perspective
Act as a trusted advisor to management on security, compliance, and risk topics
Audits, Travel & Continuous Improvement
Travel regularly to SAMY locations across Europe to conduct audits and assessments
Identify gaps, drive remediation actions, and ensure follow-up
Continuously improve security maturity and operational efficiency
Build awareness and promote a strong security culture across the organization
