Location - Barcelona, Remote

Manage the risk. Fix the gaps. Build what works.

At Nivoda, we're not just managing risk — we’re building resilient foundations that power a global, fast-scaling business. As an IT Security Officer, you’ll roll up your sleeves to identify control gaps, design solutions, and deliver them end to end. No hand-offs, no theoretical frameworks — this is a hands-on, execution-first role for someone who wants to build real impact.

You’ll work directly with teams across Tech, Product, Ops, Risk and Senior Leadership to strengthen how we operate — from process design to system safeguards, vendor risk to business continuity. You’ll help us go faster, more securely, and with total confidence in the foundations we're building.

About us:

Nivoda’s B2B diamond and gemstones marketplace allows jewellery retailers to save time and money whilst gaining access to a global diamond supply at the best prices, with zero inventory risk.

With a team of over 300 dedicated employees around the world and a wealth of experience in the industry, Nivoda has developed an award-winning solution that enables jewellery businesses of any size, in any location, to buy and sell diamonds in the most profitable, efficient and hassle-free manner.

Over the course of the last six years, Nivoda has evolved into a global platform recognised for its innovation, customer service and ability to deliver a seamless, reliable and efficient experience.

Since its launch in 2017, Nivoda has remained true to its founding mission: build the trusted global marketplace for the jewellery industry by delivering modern tools and quantitative ROI.

What you’ll do:

• Drive End-to-End Security Solutions: Own and execute IT security and business continuity risk initiatives from identification to implementation. Don’t just flag issues — fix them by collaborating across teams and seeing solutions through to resolution.

• IT Control Design & Testing: Conduct deep-dive IT control assessments and test the design and operating effectiveness of IT and Security controls across the business. Translate findings into smart, practical improvements that teams can actually adopt.

• Strengthen System Classification & Security: Run CIA assessments to classify systems and test appropriate security controls are in place. Work with system owners, Engineering, Data and Product to ensure controls are designed and implemented, not patched later.

• Security of PII data and GDPR Compliance: Work closely with engineering, system owners and infrastructure teams to ensure security controls around PII data are correctly implemented within IT systems—through privacy design reviews, technical validations, and periodic audits of access, encryption, logging, and data handling configurations.

• Build and Own Business Continuity Plans: Improve, test and maintain Business Continuity and Disaster Recovery Plans (BCP/DRP) across critical functions. Run regular scenario-based continuity tests to validate readiness, backup effectiveness and recovery times. Ensure teams know what to do — and that it actually works when tested.

• Improve Security Monitoring and Incident Readiness: Support implementation and build reporting of security monitoring tools (e.g., SIEM, endpoint protection, access logs). Work with engineering to define indicators of compromise (IoCs) and automate alerting and follow up. Participate in incident response and continuously improve playbooks.

• Control Security Vendor Risk with Confidence: Evaluate third-party providers, own and perform IT Security risk assessments for contract owners, and make sure we have real continuity, not just paper guarantees.
  

What you’ll need:

• Minimum 3 years experience in IT Security, business continuity management, and/or IT Risk Management.

• Experience in a start or scale up is preferred.

• You can turn and explain a complex situation into something simple, strong, and scalable

• Work fast and get things done — without compromising on detail

• Speak the language of both tech and operations

• Thrive in a high-growth, high-trust environment where execution matters

• Certifications such as CISM, CISA, ISO27001, CBCP, or CDRE are desirable.

What we offer:

• Opportunity to join us at a dynamic growth phase, where your contributions can have a significant impact on shaping the company's future success

• Exposure to senior leadership and the opportunity to contribute to strategic decision-making.

• Remote working environment

• Flexible working

• Unlimited holiday

• Fast-paced and global working environment