Information Protection Senior Analyst (Cybersecurity Team) - SCFCountry: SpainIT STARTS HERE Santander () is evolving from a global, high-impact brand into a technology-driven organization, and our people are at the heart of this journey.
\n
Together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what's possible.
\n
This is more than a strategic shift.
\n
It's a chance for driven professionals to grow, learn, and make a real difference .
\n
Our mission is to contribute to help more people and businesses prosper .
\n
We embrace a strong risk culture and all our professionals at all levels are expected to take a proactive and responsible approach toward risk management.
\n
Santander Consumer Finance Global Services provides technological solutions and process services to the Santander Group's Consumer Finance business covering the end-to-end of technology, from architecture design, infrastructure management, development and integration of own and third-party maintenance applications and technological support and project management.
\n
In addition, we provide business consulting services, methodology and functional support.
\n
THE DIFFERENCE YOU MAKE Santander Consumer Global Services is looking for an Information Protection Senior Analyst based out Boadilla del Monte Office, Madrid.
\n
You will be part of SCF's Integral CISO Team within the Information Protection area.
\n
Your main responsibilities will be related to coordination and supervising Data Loss Prevention and to provide support for the Identity & Access Management department.
\n
Your scope will be all the SCF Units under scope ( entities in countries).
\n
Facilitate application integration, workflow definition, audit requirements for IAM/PAM Lead and coordinate the integration of applications within the Identity and Access Management (IAM) and Privileged Access Management (PAM) ecosystem, ensuring alignment with corporate security standards.
\n
Define and optimize access workflows (joiner/mover/leaver processes, recertifications, privileged access requests), while embedding audit and compliance requirements (e.G., traceability, segregation of duties, least privilege).
\n
Act as a bridge between business, IT, and security teams to ensure scalable and compliant implementations.
\n
Support internal and external auditors (SOX controls and deficiencies) Act as a key point of contact during internal and external audits, particularly in relation to SOX controls linked to access management and data protection.
\n
Provide evidence, documentation, and control narratives, ensuring timely and accurate responses.
\n
Identify control gaps or deficiencies, support remediation plans, and follow up on their implementation to ensure compliance and audit readiness.
\n
Track and oversee DLP controls deployment and incident handling Monitor and oversee the implementation and effectiveness of Data Loss Prevention (DLP) controls across endpoints, networks, and cloud environments.
\n
Analyze alerts related to potential data exfiltration, support triage and escalation processes, and provide risk-based decision support in the event of suspected data leaks.
\n
Collaborate with technical teams to continuously improve detection rules and reduce false positives.
\n
Support coordination of DLP services and forums Assist in the coordination and governance of DLP-related services, ensuring alignment across different teams and regions.
\n
Participate in and help organize DLP forums or working groups, contributing to knowledge sharing, standardization of practices, and continuous improvement of data protection capabilities.
\n
Maintain communication with local and general stakeholders Establish and maintain effective communication with local Information Protection focal points across different countries, as well as with Global Cybersecurity teams.
\n
Ensure alignment of policies, controls, and initiatives, while facilitating the exchange of best practices, risks, and ongoing activities in the data protection and IAM domains.
\n
WHAT YOU'LL BRING Our people are our greatest strength.
\n
Every individual contributes unique perspectives that make us stronger as a team and as an organization.
\n
We're enabling teams to go beyond by valuing who they are and empowering what they bring.
\n
The following requirements represent the knowledge, skills, and abilities essential for success in this role.
\n
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
\n
Professional Experience At least years of experience Education Computer Engineering / Computer Science or similar.
\n
Languages High level of English, at least, B + recommendation C (Required) Spanish (Required) Hard Skills Specific knowledge of Information and Access Management