Country: Spain Position: Cyber GRC Manager Regulatory & Compliance Location: Boadilla del Monte WHY YOU SHOULD CONSIDER THIS OPPORTUNITY At Santander, we are key players in the transformation of the financial sector.
Do you want to join our team and continue your professional development?
In Banco Santander, cybersecurity involves engaging in the protection of the people and communities where the Bank is present, aiming to integrate ethical and social criteria into the strategy, business model, and internal processes, involving the entire structure of the Group and collaborating in the development of secure environments that prevent and detect threats to our services and infrastructures, using the latest technologies.
We adopt a strong risk culture and expect all our professionals, regardless of their position, to have a proactive and responsible attitude towards risk management.
Santander is proud to be an organization where we care about the development of people and where there is equality of opportunity, regardless of race, sex, religion, age, sexual orientation, marital status, disability, nationality, or gender identity.
WHAT YOU WILL DO IN YOUR JOB As members of the corporate GRC area, within the CISO Global function, we are the first line of defense in managing the Group's cybersecurity.
Our main mission is to ensure the proper development and implementation of the cybersecurity control environment in the Group entities, collaborating with more than 20 local and global units for the coordination of the necessary activities.
Specific Functions: Control and follow-up of applicable regulatory requirements from various Cyber regulations impacting the Group.
Definition of the cybersecurity control framework used in the Group entities and defense towers to cover cybersecurity requirements.
Identification and follow-up of improvement points in the Group's cybersecurity control model.
Support to Group entities and defense towers to improve their control environment through regulatory advisory tasks.
Monitoring and analysis of cybersecurity non-compliance.
Participate in transformation projects to enhance the Cyber GRC function (automation processes, control and compliance of information systems).
General Functions: Lead management in the Compliance area of GRC through indicators, presentations, and reports.
Communication skills with eCISOs, technical teams, team leaders, and Global Heads.
EXPERIENCE 7-8+ years in one of the following roles: Cybersecurity risk management Technological auditing or security associated with Cyber regulations/legislation.
Internal control of cybersecurity.
Cybersecurity operations.
Monitoring of cybersecurity controls or metrics.
Cyber risk analysis and evaluation.
EDUCATION - Bachelor's degree in IT or similar.
- Specific training (master's/postgraduate) in the field of cybersecurity.
SKILLS AND KNOWLEDGE - Knowledge in internal or external cybersecurity audits.
- Knowledge of regulatory control models (e.g.
PCI, DORA...).
- Knowledge of cybersecurity control frameworks (e.g.
NIST, ISO27002, CSF...).
- Knowledge of cybersecurity configuration processes and mechanisms (hardening guides and secure system configuration, cloud security, antimalware and EDR, network protection, etc.).
- Knowledge related to the evaluation/monitoring of security controls.
- High-level English.
If you want to know more about us, follow us on our website.
#J-18808-Ljbffr