IT / CYBER RISK COE MANAGER
Country: Spain
IT STARTS HERE
Santander is evolving from a global, high-impact brand into a technology-driven organization, and our people are at the heart of this journey. Together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible.
This is more than a strategic shift. It’s a chance for driven professionals to grow, learn, and make a real difference.
Our mission is to help more people and businesses prosper. We embrace a strong risk culture, and all our professionals at all levels are expected to take a proactive and responsible approach toward risk management.
Santander Digital Services is the technology and operations team at Santander. We are convinced of the importance of technology that is aligned with the requirements of the business, and that our work not only brings value to users, people and communities but also fosters individual creativity. Our team of over 10,000 people in 8 countries (Spain, Portugal, Poland, UK, USA, Mexico, Chile and Brazil) develops and/or implements financial solutions across a broad spectrum of technologies (including Blockchain, Big Data and Angular among others) on all kinds of on-premise and cloud-based platforms.
THE DIFFERENCE YOU MAKE
SANTANDER DIGITAL SERVICES is looking for an IT / CYBER RISK COE MANAGER based out of Boadilla.
Responsibilities
* Engage with internal/external partners (2LoD Cyber Risk teams, CISOs, 1LoD Global CISO functions, CIO, CTO, T&O and Internal Audit) and ensure CoE processes adhere to all relevant policies, processes, standards, and guidelines.
* Lead cross-functional collaboration, align diverse client needs and drive effective decision-making and prioritisation concerning scope of work, requirements, and product deliverables.
* Standardize the CoE Process and implement QA for the delivery.
* PMO functions: Project monitoring and coordination.
* Review and challenge risk and control assessments resulting from CISO / CIO self-assessment.
* Conduct targeted reviews on global platforms, risks or projects, assessing IT/cyber risk impacts and required controls from design to go-live.
* Monitor and challenge IT and cyber risk metrics (KRIs).
* Determine and report completeness, consistency and quality of data including their sources and thresholds.
* Prepare and analyse the monthly information risk management report.
* Lend support to local entities to resolve waiver requests by providing an informed opinion.
* Lend support to local entities for operational resilience programme (DORA) activities.
* Prepare clear, decision-ready governance reporting for committees and working groups; elevate issues with urgency and evidence.
What You’ll Bring
Our people are our greatest strength. Every individual contributes unique perspectives that make us stronger as a team and as an organization. We’re enabling teams to go beyond by valuing who they are and empowering what they bring.
The following requirements represent the knowledge, skills, and abilities essential for success in this role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Professional Experience
* 7-10 years of experience related to IT / Cyber Security Risk Management, Cyber GRC or IT / Security Audit. (Required)
Education
* Bachelor’s in Computer Science, Engineering or related (Required)
* Professional certifications strongly valued: CISA, CISM, CRISC and/or CISSP (Required)
* Master’s a plus. (Preferred)
Languages
* Fluent English is mandatory (C1) (Required)
Hard Skills
* Knowledge of ICT Risk frameworks such as NIST, CIS, FFIEC, FAIR, ISO2, ISO31. (Required)
* Knowledge of Cybersecurity systems: IAM, network & firewall management, vulnerability/patch management, cloud security architecture, secure SDLC & containerization, encryption/tokenization, DLP, security logging & monitoring, incident detection & response, and offensive security understanding. (Required)
* Skills and strategic thinking to review risk profiles and prioritize actions. (Required)
* Capacity to leverage existing information to determine independent control assessments. (Required)
* Ability to support and suggest control enhancements. (Required)
Soft Skills
* Effective communication / Accuracy and attention to detail / Critical thinking / Interpersonal relationships / Problem solving / Takes ownership / Optimism regarding uncertainty. (Preferred)
Other Information
* Possibility of making occasional trips to the geographies where Banco Santander is present (e.g. Portugal, UK, Brazil or Mexico).
WE VALUE YOUR IMPACT
Your contribution matters, and it’s recognized. You can expect a fair, competitive reward package that reflects <...