Security Compliance & Privacy Lead
We are currently recruiting for a Security Compliance & Privacy Lead, reporting to the Head of Governance, Risk & Compliance, to lead the development, implementation and continuous evolution of Tunstall’s information security policies, standards and control framework across all geographies and business units, ensuring alignment with international compliance standards and regulatory requirements.
This is a great time to join Tunstall as we embark on an exciting period of transformation. You will be joining a recently created and growing global Information Security team within Tunstall and play a key part in the success of this transformation.
This role would be based at our Madrid office working on a hybrid basis. We are also happy to consider someone who lives within commuting distance of our UK Head office (Whitley, DN14 0HR) or Hyllie (Malmo, Sweden) site.
A bit about us:
Tunstall is a market-leading health and care technology provider.
We’re passionate about ensuring our team reflects the brilliant and unique qualities of the people and communities we support. Our incredible team of more than 3,000 colleagues provides life-saving and life-changing technology and services to millions of people in 18 different countries.
At Tunstall you’ll find a place where you’re valued and celebrated for being yourself. We empower our people to deliver the very best teamwork, innovation and thought leadership by creating an environment where we champion diversity and inclusion. We demonstrate our commitment to diversity and inclusion at each step, from our open, fair and transparent recruitment processes through to the many development and career growth opportunities we provide.
Each Tunstall colleague has a superpower… they’re unique. No one else is them, and we think that’s special. Come and join our mission and be part of our team, our One Tunstall team.
What will you be doing in this role?
The role acts as the subject matter expert and advisor on information security compliance and regulatory matters (ISO 27001, NIST, Cyber Essentials, NIS2, Esquema Nacional de Seguridad, CRA, GDPR and other applicable frameworks), ensuring Tunstall’s security posture aligns with current and emerging regulatory requirements across all operating regions.
The ideal candidate:
To be successful in this role you will have significant experience as a policy owner and in partnering with Data Protection Officers (DPOs). You should also have a good understanding of Spanish information security regulations and experience running and managing both internal and external audits.
What we offer:
- Hybrid working.
- Competitive salary plus potential bonus.
- Learning and growth through access to a Talent Library with over 800 courses, plus access to the Udemy or O’Reilly learning platforms.
- A warm and welcoming team environment and a chance to build a rewarding career.
Some of your key tasks will be…
- Define and develop the information security policy framework for Tunstall, ensuring all policies, standards and procedures are current, comprehensive and aligned with international best practices and applicable regulatory requirements across all regions and business units. Communicate and socialise the policy framework across the organisation.
- Maintain a deep and current knowledge of existing and emerging regulatory requirements and compliance standards applicable to Tunstall (e.g. ISO 27001, NIST, Cyber Essentials, NIS2, Esquema Nacional de Seguridad, CRA, GDPR, sector-specific regulations), advising and influencing all geographies, business units and stakeholders to align with these requirements and support compliance roadmap development.
- Design and develop the information security control framework based on industry standards and Tunstall's regulatory requirements, defining controls, control objectives, and mapping them to relevant policies and standards to ensure comprehensive coverage of security risks and compliance needs.
- Track, coordinate, and manage an overarching view of internal and external audits across all countries and regions, ensuring that required resources are allocated, audit timelines are met, and findings are consolidated into coherent reports. Guide, assist and support local teams and audit partners as required.
- Organise and actively participate in audit activities across regions, serving as the Point of Contact to ensure audit scopes, procedures and documentation standards are consistent and aligned with established audit protocols.
- Monitor and report on compliance with, and the effectiveness of, the controls within Tunstall’s security control framework across all regions. Identify control gaps and develop remediation strategies in collaboration with the Regional Information Security Officers (RISOs) and business stakeholders.
- Prepare and present to senior stakeholders comprehensive reports on compliance status, audit findings, control effectiveness, remediation progress, and other key performance indicators across all geographies.
Key skills and experience:
- Proven experience in information security compliance, audit, or closely related roles in complex, multinational organisations.
- Proven experience managing security compliance programs and building or evolving security control frameworks in multinational environments.
- Deep understanding of information security standards and regulatory frameworks (ISO 27001, NIST, Cyber Essentials, NIS2, Esquema Nacional de Seguridad, CRA, GDPR and others applicable to Tunstall's operating regions).
- Proven experience coordinating and leading audit activities (internal and external) across multiple geographies, including audit planning, execution, and consolidation of findings.
- Experience developing and maintaining information security policies, standards, and procedures.
- Excellent written and verbal communication skills with the ability to convey complex compliance and control concepts to both technical and non-technical stakeholders.
- Strong stakeholder management and influencing capabilities in multicultural, complex organisational environments.
- Ability to manage complexity and make sound decisions with limited information or under uncertainty.
- Bachelor’s degree in Information Security, Computer Science, Computer Engineering, Mathematics, Business Administration, Law or similar.
- English: CEFR C1.
Required competencies
- Process-oriented, methodical and rigorous in approach. Attention to detail and passion for compliance accuracy.
- Stakeholder management and influencing capabilities.
- Collaboration and partnership in multicultural ecosystems.
- Analytical and problem-solving mindset.
- Strategic thinker with ability to translate regulatory requirements into practical security controls and policies.
- Hunger for learning and staying current with evolving compliance landscape.
- Self-driven and able to work with autonomy while maintaining strong communication with leadership.
Desirable skills and experience
- Professional certifications such as CISA, CRISC, ISO 27001 Lead Auditor or similar compliance/control-focused credentials.
- Experience with GRC tools and platforms.
- Experience in healthcare, critical infrastructure, or regulated industries.
If you are not sure if you have the relevant skills or experience, then please apply (only takes a few minutes) and let our team review and come back to you.
Equal Opportunities at Tunstall
At Tunstall, we’re committed to building a team that reflects the diversity of the communities we serve. We welcome applications from people of all backgrounds, experiences, and abilities, and we celebrate the unique strengths each colleague brings. Our recruitment process is open, fair and inclusive, and we’re dedicated to providing any reasonable adjustments you may need to thrive.
- Department: Group Information Security
- Locations: Madrid
- Remote status: Hybrid
- Employment type: Full-time