Risk IT & Cybersecurity Analyst - SDSCountry: Spain Hello! Welcome to the place responsible for developing the technology that improves the lives of 160 million customers around the world! This job offer is an opportunity not only to join a great company but also to collaborate in projects that have a real impact on society.
We are looking for a RISK IT & CYBER ANALYST based in our Madrid office, with at least 3-5 years of experience in RISK IT & CYBER.
Let's get to know each other! Santander Digital Services (SDS) is the team of technology and operations at Santander. We are convinced of the importance of technology that is aligned with the requirements of the business and that out work not only brings value to users, people and communities but also fosters individual creativity. Our team of over 7,000 people in 8 countries (Spain, Portugal, Poland, UK, USA, Mexico, Chile and Brazil) develops and/or implements financial solutions across a broad spectrum of technologies (including Blockchain, Big Data and Angular among others) on all kinds of on-premise and cloud-based platforms.
We are undergoing one of the biggest transformations in our history and technology is at the heart of our strategy. Join our team to play a part in one of the most important technological projects for the financial sector in the world.
One of our guiding principles is continuous innovation, working with Agile and DevSecOps methodologies and adopting all the leading market technology to work with the best tech stack.
We recently received Top Employer certification in Spain, Europe and globally for the sixth consecutive year and we are one of the World's 25 Best Workplaces. We are very proud to be an equal opportunities organisation and we are building a dynamic and proactive team. All we ask from you is that you bring a positive attitude and share our values and a commitment to development of cutting-edge technology, no matter where you come from or where you end up.
You will be part of Non-Financial Risk Global CoE, delivering services to entities. Independent risks and controls challenge and oversight.
The main responsibilities of the position include:
Review and challenge risk and control assessments resulting from CISO self-assessment (including evidence and support documentation).
Examine risk and control library and prioritize review based on risk drivers.
Escalate areas of disagreement with the Global control owner in accordance with established governance.
Risk assessment ongoing review, challenge and continuous trigger event analysis.
Monitoring risk and control issues and actions remediations.
Provide entities actionable outputs and capture information in Heracles. Leverage outputs of controls assessment to determine deep dives reviews.
Possibility of making occasional trips to the geographies where Banco Santander is present (e.g. Portugal, UK, Poland, Brazil or Mexico).
What you'll bring You're sure to fit in if you like technology and are constantly learning about new developments, as well as having an interest in better understanding the risks faced by the Bank. In addition to developing your technical skills, you should also be interested in improving your soft skills .
If you think you've got what it takes, these are the key skills we'll be looking for in your CV:
3 - 5 years of experience related to IT / Cyber Security Risk Management, Cyber GRC or IT / Security Audit.
Higher education in computer science or similar.
Technical skills:
Knowledge of risk frameworks such as NIST, CIS, FFIEC, FAIR, ISO2, ISO31.
Certified in one of: CRISC, CISSP, CISA or/and CISM.
Knowledge of Santander Cybersecurity systems and infrastructure.
Skills and strategic thinking to review risk profiles and prioritize actions.
Capacity to leverage on existing information to determine independent controls assessments.
Ability to support and suggest control enhancements.
Soft Skills:
Excellent level of English is mandatory (C1) / Effective communication/ Accuracy and attention to detail /Critical thinking/ Interpersonal relationships/ Problem solving/ Takes ownership/ Optimism regarding uncertainty.
What is the Be Tech! experience like? Hybrid working model (working remotely some days and meeting with the team in the office on other days).
Flexible working hours.
Possibility of travelling to collaborate with teams in other countries.
Opportunities to develop your career in different overseas units and countries.
Continuous training in innovative technical fields so you are always up to date and have the tools you need to do your job.
Career plan to ensure your professional growth and that your efforts are duly rewarded.
Highly competitive salary and bonuses.
Financial benefits (special interest rates for loans, preferential banking terms, pension plan, life insurance, etc.)
Social benefits (gym and medical centre on the premises, daily meal subsidy with a choice of seven restaurants, parking, shuttle service to the centre of Madrid, discounts and offers with different companies for Santander employees and much, much more that we will tell you all about when you arrive!)
What now? If you like what you've read so far, you'll like it even more once you're on board... So why not join us?
If you want to know more about us, follow us on https://es.linkedin.com/company/banco-santander
visit our website https://www.betechwithsantander.com/en/home
Set and supervise correct implementation for Subsidiary cybersecurity strategy in line with Group's cybersecurity strategy, Subsidiary´s regulatory requirements and business needs. Support and enable adoption of global defences across systems and information of the Subsidiary. Drive implementation of Group´s cybersecurity minimum requirements, policies and regulatory requirements in the Subsidiary. Assess and report cybersecurity risk to the Subsidiary. Perform security assessments and enforce remediation for cybersecurity risk´s and vulnerabilities in the Subsidiary´s information, assets, systems, projects and third parties. Manage electronic fraud protection activities in close coordination with the relevant Business areas. Engage, coordinate and report cybersecurity activities and events with the relevant Subsidiary business areas, regulators, government agencies, partners and any other third parties. Support managers and business areas to drive the right security behaviours in the Subsidiary. Titulaciones Engineering (Master Degree) - 5 years Idiomas Spanish