GRC Expert for third parties - Security (ODS)

Country: Spain

Open Digital Services is a tech company with a unique culture, dedicated to creating innovative products for Santander Group Affiliates. Open Digital Services is part of the Retail & Commercial Division of Santander Group, one of the world's largest financial institutions and the Eurozone's leader, we're committed to being the best Digital Bank with Branches in the industry.    

Our mission at ODS is to design and support an advanced digital and omnichannel platform, ensuring the best customer experience using cutting-edge technology. Openbank, our flagship partner, is where we develop our most advanced concepts. Be part of our Best-in-Class tech team and help us create unique value for our customers! 

Join us to tackle exciting tech challenges in an agile environment, benefiting from learning, growth, and local and international career opportunities in a modern, diverse setting.

Mission and responsibilities:

As part of the Governance, Risk, and Compliance (GRC) team, the Expert for Third Parties (3P) will assess all initiatives to use third parties in our platform, ensuring the appropriate level of security and controls are in place before contracting and moving workloads into production.

The main tasks of this position will be the following:

- Assess and approve third-party initiatives, ensuring security and controls are in place before contracts are signed and workloads go into production.

- Manage contract clauses, conduct annual reviews, implement shared responsibility models, and follow up on raised findings.

- Perform IT risk assessments and system/application audits.

- Review and negotiate technology and service contracts to ensure compliance with legal and regulatory requirements.

- Utilize risk management and compliance tools for effective monitoring.

- Implement and manage audit and analysis tools.

To be successful in the role you must have:

- Familiarity with standards such as ISO 27001, NIST, GDPR, CCM, and understanding of cybersecurity practices and controls.

- Experience in conducting IT risk assessments and performing system and application audits.

- Understanding of contractual terms and legal/regulatory compliance, with the ability to review and negotiate contracts.

- Familiarity with risk management and compliance tools, and proficiency in audit and analysis tools.

- Ability to identify, analyze, and solve complex problems effectively, performing detailed analysis and presenting clear recommendations.

- Ability to collaborate effectively with multidisciplinary teams. Leadership and team management skills are beneficial for senior roles.

- Attention to Detail: meticulousness in reviewing contracts and evaluating applications and services.

- Bachelor's Degree in Computer Science, Information Systems, Computer Engineering, or a related field. A Law degree with specialization in Information Technology Law is also valuable.

-  Desirable certifications: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Third Party Risk Professional (CTPRP), Certified in Risk and Information Systems Control (CRISC).

- Advanced English and Spanish.

What do we offer?

- Joining a dynamic and agile company undergoing international expansion.

- Working in start-up mode with the support of the Santander Group.

- Competitive remuneration and attractive benefits package.

- Possibility of growth within the company and the Group.

- Collaborating on international projects in different countries.

- Excellent work environment, social clubs and frequent events.

Would you like to grow with us? Join our team!

ODS is an equal opportunity employer. All applicants will be considered as equal without paying attention to gender identity, sexual orientation, ethnicity, religion, age, political orientation, union membership nor disability status.

We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify, and build.

The personal data you provide as well as any data generated during the selection process are confidential and will be processed by Open Bank, S.A./ Open Digital Services, S.L. with registered office at Plaza de Santa Bárbara 2, 28004 (Madrid), for the sole purpose of managing your participation in the selection processes and, where appropriate, to formalise your recruitment.  

For further information about your rights and data protection, please read the ODS/Openbank Privacy Policy applicable to this type of data processing here.