Country: Spain
Position: Cyber GRC Manager Regulatory & Compliance
Location: Boadilla del Monte
WHY YOU SHOULD CONSIDER THIS OPPORTUNITY
At Santander, we are key players in transforming the financial sector. Do you want to join our team and continue your professional development? In Banco Santander, cybersecurity means engaging in the protection of the people and communities where the Bank operates, integrating ethical and social criteria into our strategy, business model, and internal processes.
We involve the entire structure of the Group and collaborate in developing secure environments that prevent and detect threats to our services and infrastructures, utilizing the latest technologies. We adopt a solid risk culture and expect all our professionals, regardless of their position, to have a proactive and responsible attitude towards risk management. Santander takes pride in being an organization that cares about the development of its people and where there are equal opportunities, regardless of race, gender, religion, age, sexual orientation, marital status, disability, nationality, or gender identity.
WHAT YOU WILL DO IN YOUR JOB
As part of the corporate GRC area, within the Global CISO function, we are the first line of defense in managing the cybersecurity of the group. Our main mission is to ensure the proper development and implementation of the cybersecurity control environment in the Group's entities, collaborating with more than 20 local and global units to coordinate the necessary activities.
Specific Functions:
Control and monitoring of applicable regulatory requirements from various Cyber regulations impacting the Group.
Definition of the cybersecurity control framework used in the Group's entities and defense towers for cybersecurity requirements coverage.
Identification and tracking of improvement points in the Group's cybersecurity control model.
Support to the Group's entities and defense towers for improving their control environment through regulatory advisory tasks.
Monitoring and analysis of cybersecurity non-compliance.
Participate in transformation projects to enhance the Cyber GRC function (automation processes, control, and compliance of information systems).
General Functions:
Lead management in the GRC Compliance area through indicators, presentations, and reports.
Communication skills with eCISOs, technical teams, team leaders, and Global Heads.
EXPERIENCE
7-8+ years in one of the following functions:
Cybersecurity risk management.
Technology audit or security related to Cyber regulations/legislation.
Internal control of cybersecurity.
Cybersecurity operations: Monitoring of controls or cybersecurity metrics.
Cyber risk analysis and evaluation.
EDUCATION
Higher Engineering (or Degree) in IT or similar. Specific training (master's degree/postgraduate) in the field of cybersecurity.
SKILLS AND KNOWLEDGE
Knowledge in internal or external cybersecurity audits.
Knowledge of regulatory control models (e.g., PCI, DORA ...).
Knowledge of cybersecurity control frameworks (e.g., NIST, ISO27002, CSF...).
Knowledge of cybersecurity configuration processes and mechanisms (hardening guides and secure system configuration, cloud security, antimalware and EDR, network protection, etc.).
Knowledge regarding the evaluation/monitoring of security controls.
High level of English.
If you want to know more about us, follow us on our website.