Cybersecurity GRC specialist Lisboa

Overview

General Job Description: Set and supervise cyber governance in line with Global CISO Organization ensuring different teams of the Group work under a common model aligned with Santander business strategy and objectives; managing cyber security risk posture and complying with agreed internal policies and procedures and external regulations; coordinating the governance model and preparing official reporting to respective governing bodies in the entity.

Location: Lisboa, Portugal

Key Responsibilities

• Design, implement, and manage the organization’s Cybersecurity Awareness Program aligned with Global CISO Organization. Develop engaging content (e-learning modules, phishing simulations, newsletters, and workshops) to promote a strong security culture.
• Track and measure program effectiveness using KPIs (e. g. , phishing click rates, training completion rates, employee risk scores).
• Set and supervise the implementation of cyber strategy and objectives achievement, aligned with Group’s cyber strategy and delivery of
  - demand strategic outputs to support operational teams.
• Drive implementation and monitor of Group’s cybersecurity policies, standards and controls in the organization, in compliance with applicable laws, regulations and international standards (i. e. EBA/ECB, SOX, PCI, Swift, NIST, CIS, etc. ) to manage cybersecurity emerging threats and risks trends.
• Coordinate Subsidiary cyber teams to support Global GRC team in the execution of independent assessments, audits and regulatory inspections of cybersecurity controls and certifications reviews (e. g. : ISO, PCI DSS, SOX) performed by internal/external parties, and support on the remediation of recommendations.
• Ensure that Subsidiary
  - parties/vendor ecosystem is properly evaluated, assessed and managed to minimize risk exposure and risk impacts to the business, aligned with Group’s cybersecurity policies and standards.

Requirements

• Cybersecurity Risk Management: Ability to identify, assess, and communicate risks to support informed
  - making.
• Policies & Standards: Skilled in developing and implementing cybersecurity strategies, policies, and procedures in compliance with regulations.
• Security Certifications & Audits: Familiarity with frameworks like SOC2 and ISO 27001; ability to assess and improve security controls.
• Legal & Regulatory Compliance: Understanding of key regulations (e. g. , SOX, PCI, GDPR) and their impact on business operations.
• Information Security Management: Application of cybersecurity and privacy principles to ensure confidentiality, integrity, and availability.
• Data Reporting: Proficient in gathering and leveraging data from internal and external sources to support
  - making.
• Critical Thinking & Decision-Making: Strong analytical skills to evaluate complex situations and make sound judgments.
• Effective Communication: Ability to clearly convey technical and strategic information across diverse audiences.
• Performance Measurement: Knowledge of techniques to assess and improve the effectiveness of cybersecurity initiatives.
• Certifications (Preferred): ISO 27001 Lead Auditor, CISM, CRMA, CISA, CISSP.
• Fluency in Portuguese and English

About Us

No Santander cada um de nós é “Risk Pro”. Isto significa ter a responsabilidade pessoal de identificar, avaliar, gerir e reportar eventuais riscos para o banco decorrentes do desempenho das nossas funções. Vamos
- te o conhecimento e as ferramentas para seres Risk Pro em todas as situações. Esta cultura de riscos é fundamental para o Santander Way, a nossa forma de trabalhar. O Banco dispõe, nos termos do previsto na Lei nº 93/2021 de 20 de dezembro, de um canal de denúncias – Canal Aberto, acessível através do link https://secure. ethicspoint. eu/domain/media/pteu/gui/105862/index. html

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Finance and Information Technology
• Industries: Financial Services, IT Services and IT Consulting, and Software Development

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.