It’s time to go places

Description

Ryanair Labs are currently recruiting for a Information Security Risk and Compliance Analyst to join Europe’s Largest Airline Group!

This is a very exciting time to join Ryanair as we look to expand our operation to 800 aircraft and 300 million guests within the next 10 years.

Ryanair Labs is the technology brand of Ryanair. Labs is a state of-the-art digital & IT innovation hub creating Europe’s Leading Travel Experience for our customers.

The Role:

We are seeking a proactive and detail-driven Information Security Risk and Compliance Analyst to join our GRC team. This role supports the design and execution of our enterprise risk management activities, with a strong focus on NIST-based frameworks including the NIST Cybersecurity Framework (CSF) and NIST Risk Management Framework (RMF). 

You will assist in the daily implementation of our information security, risk management, and compliance program. The role includes supporting audit readiness, maintaining security documentation, and ensuring alignment with frameworks and regulations such as GDPR, PCI-DSS, ISO/IEC 27001, NIS2, and the EU AI Act. 

Success in this role will be measured by the quality and effectiveness of information security risk and compliance controls across the company. 

Requirements

• 3–5+ years in IT audit, Information Security, or Governance, Risk & Compliance 
• Hands-on experience with NIST CSF and/or NIST RMF in enterprise environments 
• Strong understanding of risk analysis techniques and control-based mitigation 
• Working knowledge of GDPR, PCI-DSS, ISO/IEC 27001, NIS2, and EU AI Act 
• Experience maintaining a risk register and reporting to technical/business teams 
• Familiarity with applying risk frameworks in Information Security 
• Proficient in Microsoft Office (Excel, PowerPoint, Word) 
• Experience with GRC platforms (e.g., OneTrust, ServiceNow, Archer) 
• Excellent written and verbal communication skills in English 

Nice to have:

• Experience in aviation, logistics, or regulated industries 
• Knowledge of NIST SP 800-53, CIS Controls, ISO/IEC 27002 
• Professional certifications: CRISC, CISA, CISSP, ISO 27001 Lead Implementer or Auditor 
• Familiarity with AI risk classification under the EU AI Act 
• Knowledge of aviation regulations (e.g., Part-IS) 
• Experience evaluating third-party security postures, especially vendors handling sensitive data or AI systems 

Benefits

• We promote innovation, all our teams are Agile and several PoCs of new technologies or innovative ideas are launched every week.
• A competitive but flexible technical career plan.
• We believe in an hybrid working model, you can work up to three days per week remote, but you are also going to enjoy the excellent work environment at our modern offices in the heart of Madrid.
• Optional discounts on health insurances (various companies).
• Travel discounts, of course!.

Competencies