Cybersecurity GRC specialist

Posted:
9/16/2025, 6:36:26 PM

Location(s):
Lisbon, Portugal

Experience Level(s):
Junior ⋅ Mid Level ⋅ Senior

Field(s):
IT & Security

Country: Portugal

Location: Lisboa

General job description

Set and supervise cyber governance in line with the Global CISO Organization, ensuring that the Group's different teams work under a common model aligned with Santander's business strategy and objectives; manage the cybersecurity risk posture and comply with agreed internal policies and procedures and external regulations; coordinate the governance model and prepare official reporting to the respective governing bodies in the entity.

Key Responsibilities

  • Design, implement, and manage the organization’s Cybersecurity Awareness Program, aligned with the Global CISO Organization. Develop engaging content (e-learning modules, phishing simulations, newsletters, and workshops) to promote a strong security culture.

  • Track and measure program effectiveness using KPIs (e.g., phishing click rates, training completion rates, employee risk scores).

  • Set and supervise the implementation of the cyber strategy and the achievement of its objectives, aligned with the Group’s cyber strategy, and deliver on-demand strategic outputs to support operational teams.

  • Drive the implementation and monitoring of the Group’s cybersecurity policies, standards and controls in the organization, in compliance with applicable laws, regulations and international standards (e.g., EBA/ECB, SOX, PCI, Swift, NIST, CIS) to manage emerging cybersecurity threats and risk trends.

  • Coordinate Subsidiary cyber teams to support the Global GRC team in the execution of independent assessments, audits and regulatory inspections of cybersecurity controls and certification reviews (e.g., ISO, PCI DSS, SOX) performed by internal/external parties, and support the remediation of recommendations.

  • Ensure that the Subsidiary’s third-party/vendor ecosystem is properly evaluated, assessed and managed to minimize risk exposure and risk impacts to the business, aligned with the Group’s cybersecurity policies and standards.

Requirements

  • Cybersecurity Risk Management: Ability to identify, assess, and communicate risks to support informed decision-making.

  • Policies & Standards: Skilled in developing and implementing cybersecurity strategies, policies, and procedures in compliance with regulations.

  • Security Certifications & Audits: Familiarity with frameworks like SOC2 and ISO 27001; ability to assess and improve security controls.

  • Legal & Regulatory Compliance: Understanding of key regulations (e.g., SOX, PCI, GDPR) and their impact on business operations.

  • Information Security Management: Application of cybersecurity and privacy principles to ensure confidentiality, integrity, and availability.

  • Data Reporting: Proficient in gathering and leveraging data from internal and external sources to support decision-making.

  • Critical Thinking & Decision-Making: Strong analytical skills to evaluate complex situations and make sound judgments.

  • Effective Communication: Ability to clearly convey technical and strategic information across diverse audiences.

  • Performance Measurement: Knowledge of techniques to assess and improve the effectiveness of cybersecurity initiatives.

  • Certifications (Preferred): ISO 27001 Lead Auditor, CISM, CRMA, CISA, CISSP.

  • Fluency in Portuguese and English.



About Us
At Santander, each of us is a “Risk Pro”. This means having the personal responsibility to identify, assess, manage and report any risks to the bank arising from the performance of our duties. We will give you the knowledge and the tools to be a Risk Pro in every situation. This risk culture is fundamental to the Santander Way, our way of working.

Under the terms of Law no. 93/2021 of 20 December, the Bank has a whistleblowing channel, Canal Aberto, accessible through the link https://secure.ethicspoint.eu/domain/media/pteu/gui/105862/index.html