Chief Security Officer - España - Tunstall Spain

Descripción

Chief Security Officer (CSO)
Barcelona
Barcelona, Catalunya, ES
We are currently recruiting for a Chief Security Officer (CSO) , reporting to the Chief Technology Officer, to be responsible for ensuring the security, privacy, and compliance of Tunstall's operations on a global scale.
This role could work on a hybrid basis from any of our main hubs, Manchester city centre, Malmo, or Madrid.
What will you be doing in this role?
As our CSO , you will safeguard the company's internal infrastructure, but also influence and contribute to the security and resilience of our operations, assets, and reputation. This role is not just the shaping of strategy but the execution and be hands-on delivery of this strategy.
You will help shape and build a comprehensive cyber security and information security strategy that aligns with business objectives and play a pivotal role in ensuring the security of our SaaS products .
The identification, assessment, and prioritisation of security risks associated with both internal and external factors and ensuring the compliance with all relevant laws and regulations related to security, including GDPR (and other relevant data protection regulations), are vital to the success of this role.
You will lead, inspire, and mentor the security and compliance teams globally, fostering a culture of continuous improvement, innovation, and excellence, as well as promoting security awareness throughout Tunstall, upskilling, and educating colleagues as required.
We are a global business, and our business language is English, so you must be fluent in English to be considered for this role.
The Ideal candidate:
To be successful in this role you will have proven experience in cyber and information security , in a leadership role .
You will have a strong knowledge of software as a service ( SaaS ) products and on-premise technical solutions, with demonstrable experience of delivering security solutions for SaaS products . You will be able to demonstrate success in shaping, building, executing, and implementing a comprehensive cyber security and information security strategy . This role does require someone with in-depth technical cyber security and information security knowledge.
You will have excellent communication skills , both verbal and written, able to convey and ensure an understanding of complex messages. In addition, you will be a proven and collaborative leader , with a strong teamwork ethic, a can-do attitude , happy to be both strategic and hands on , and used to working in a fast-moving organisation, able to create structure and clarity from ambiguity.
Experience with a hardware provider / manufacturer as well would be highly desirable.
What we offer:
- Hybrid Working,
- Competitive salary + potential bonus,
- Car allowance,
- A warm and welcoming team environment.
Some of your key tasks will be...
- Develop, execute, deliver, and provide support on a comprehensive cybersecurity and information security strategy that aligns with business objectives,
- Lead, mentor, and oversee a small global team responsible for security operations, incident response, and threat detection, fostering a culture of continuous improvement, innovation, and excellence,
- Collaborate with the Group IT team to ensure the organisation is protected against cyber threats and maintain an effective incident response plan,
- Play a pivotal role in ensuring the security of Tunstall's SaaS products,
- Identify, review, select, and manage our relationships with appropriate third-party security partners for our products,
- Work closely with product development teams to embed security principles into the product lifecycle,
- Ensure appropriate security assessments, penetration testing, and code reviews are conducted,
- Ensure compliance with all relevant laws and regulations related to security, including GDPR, if applicable,
- Stay informed about evolving cybersecurity regulations, standards, and best practices,
- Collaborate with legal and compliance teams to address security and privacy concerns,
- Identify, assess, and prioritise security risks associated with both internal and external factors,
- Develop and maintain a risk management framework to mitigate risks effectively,
- Establish and enhance incident response plans and conduct drills,
- Evaluate and manage security risks associated with third-party vendors and partners, including those providing security solutions,
- Establish robust vendor security assessment processes and due diligence procedures to ensure the security of third-party products and services,
- Collaborate with external security vendors and consultants to enhance our security posture and stay current with industry best practices,
- Promote a culture of security awareness throughout Tunstall, upskilling and educating colleagues as required,
- Develop and track key performance indicators (KPIs) and metrics to measure the effectiveness of security initiatives,
- Drive continuous improvement in security strategies and practices globally.
Key skills and experience:
- Bachelor's degree in computer science,
Information Security, or a related field, or equivalent experience,
- Proven experience in cyber security and information security, in a leadership role,
- Strong knowledge of SaaS and on-premise technical solutions,
- Proven experience in delivering security solutions for SaaS products,
- Excellent understanding of compliance standards and regulations relevant to the industry,
- Relevant certifications such as CISSP , CISM , or CISA are a plus,
- Strong communication skills, both verbal and written,
- Excellent leadership skills (ideally of a global team),
- A collaborative individual, used to working cross functionally, able to influence and guide individuals,
- Proven experience, and happy to be, both strategic and hands-on in approach,
- Demonstrable experience of successfully driving change and transformation within a business.
A bit about us:
Tunstall is a market-leading health and care technology provider .
We're passionate about ensuring our team reflects the brilliant and unique qualities of the people and communities we support. Our incredible team of more than 3, 000 colleagues provides life saving and life changing technology and services to millions of people in 18 different countries .
At Tunstall you'll find a place where you're valued and celebrated for being yourself. We empower our people to deliver the very best teamwork, innovation and thought leadership by creating an environment where we champion diversity and inclusion. We demonstrate our commitment to diversity and inclusion at each step. From our open, fair, and transparent recruitment processes,
through to the many development and career growth opportunities we provide.
Each Tunstall colleague has a superpower... they're unique. No one else is them, and we think that's special. Come and join our mission and be part of our team, our One Tunstall team. Welcome to asks for your consent to use your personal data to:

perm_identity

• perm_identity Personalised advertising and content, advertising and content measurement, audience research and services development

• devices Store and/or access information on a device

Data preferences

You can choose how your personal data is used. Vendors want your permission to do the following:

Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).

Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.

Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.

Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.

Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects. This can for example be used to adapt the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.

Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.

Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non-advertising) content e.g. reached its intended audience and matched your interests. For instance, whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on this service and the web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you.

Reports can be generated based on the combination of data sets (like user profiles, statistics, market research, analytics data) regarding your interactions and those of other users with advertising or (non-advertising) content to identify common characteristics (for instance, to determine which target audiences are more receptive to an ad campaign or to certain contents).

Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.

Content presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type, or which content you are (or have been) interacting with (for example, to limit the number of times a video or an article is presented to you).

Your data can be used to monitor for and prevent unusual and possibly fraudulent activity (for example, regarding advertising, ad clicks by bots), and ensure systems and processes work properly and securely. It can also be used to correct any problems you, the publisher or the advertiser may encounter in the delivery of content and ads and in your interaction with them.

Certain information (like an IP address or device capabilities) is used to ensure the technical compatibility of the content or advertising, and to facilitate the transmission of the content or ad to your device.

Information about your activity on this service may be matched and combined with other information relating to you and originating from various sources (for instance your activity on a separate online service, your use of a loyalty card in-store, or your answers to a survey), in support of the purposes explained in this notice.

In support of the purposes explained in this notice, your device might be considered as likely linked to other devices that belong to you or your household (for instance because you are logged in to the same service on both your phone and your computer, or because you may use the same Internet connection on both devices).

With your acceptance, your precise location (within a radius of less than 500 metres) may be used in support of the purposes explained in this notice.

You can choose your data preferences. This site or app wants your permission to do the following:

Site or app

Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are (or have been) interacting with (for example, to limit the number of times an ad is presented to you).

Information about your activity on this service (such as forms you submit, content you look at) can be stored and combined with other information about you (for example, information from your previous activity on this service and other websites or apps) or similar users. This is then used to build or improve a profile about you (that might include possible interests and personal aspects). Your profile can be used (also later) to present advertising that appears more relevant based on your possible interests by this and other entities.

Advertising presented to you on this service can be based on your advertising profiles, which can reflect your activity on this service or other websites or apps (like the forms you submit, content you look at), possible interests and personal aspects.

Information about your activity on this service (for instance, forms you submit, non-advertising content you look at) can be stored and combined with other information about you (such as your previous activity on this service or other websites or apps) or similar users. This is then used to build or improve a profile about you (which might for example include possible interests and personal aspects). Your profile can be used (also later) to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests.

Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services (for instance, the forms you submit, content you look at), possible interests and personal aspects. This can for example be used to adapt the order in which content is shown to you, so that it is even easier for you to find (non-advertising) content that matches your interests.

Information regarding which advertising is presented to you and how you interact with it can be used to determine how well an advert has worked for you or other users and whether the goals of the advertising were reached. For instance, whether you saw an ad, whether you clicked on it, whether it led you to buy a product or visit a website, etc. This is very helpful to understand the relevance of advertising campaigns.

Information regarding which content is presented to you and how you interact with it can be used to determine whether the (non-advertising) content e.g. reached its intended audience and matched your interests. For instance, whether you read an article, watch a video, listen to a podcast or look at a product description, how long you spent on this service and the web pages you visit etc. This is very helpful to understand the relevance of (non-advertising) content that is shown to you.

Reports can be generated based on the combination of data sets (like user profiles, statistics, market research, analytics data) regarding your interactions and those of other users with advertising or (non-advertising) content to identify common characteristics (for instance, to determine which target audiences are more receptive to an ad campaign or to certain contents).

Information about your activity on this service, such as your interaction with ads or content, can be very helpful to improve products and services and to build new products and services based on user interactions, the type of audience, etc. This specific purpose does not include the development or improvement of user profiles and identifiers.

Content presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type, or which content you are (or have been) interacting with (for example, to limit the number of times a video or an article is presented to you).

Vendors can use your data to provide services. Declining a vendor can stop them from using the data you shared.

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Device characteristics, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, IP addresses, Privacy choices

Data collected and processed: Non-precise location data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, Device characteristics, Users' profiles, IP addresses, Authentication-derived identifiers

Data collected and processed: Device identifiers, Non-precise location data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device characteristics, Browsing and interaction data, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, User-provided data, Browsing and interaction data, IP addresses

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, Device characteristics, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Probabilistic identifiers, Device characteristics, Browsing and interaction data, IP addresses, Privacy choices

Data collected and processed: Device identifiers, Non-precise location data, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Device identifiers, Precise location data, Non-precise location data, Device characteristics, IP addresses

Data collected and processed: Device identifiers, Non-precise location data, Probabilistic identifiers, User-provided data, Device characteristics, Browsing and interaction data, Users' profiles, IP addresses, Privacy choices, Authentication-derived identifiers

Data collected and processed: Non-precise location data, Device ...<