Cyber Assurance & Architecture – OPENBANK

Cyber Assurance & Architecture – OPENBANK

Country: Spain

Technology Risk & Cybersecurity Associate Expert II

Join Openbank, the 100% digital bank of the Santander Group, where innovation meets opportunity! With over 2 million customers across Spain, Germany, the Netherlands, Portugal, we're leading the way in digital banking. From loans and mortgages to a cutting-edge, fully automated investment platform, our products are transforming the industry.

At Openbank, we pride ourselves on simplicity, agility, and security, earning us the title of the most recommended Spanish bank among our customers. Technology is in our DNA and we are constantly developing new digital solutions and products. And we're not stopping there! At Openbank we are proud to be a bank that is gaining more and more international presence, we have just landed in the United States and we have plans to launch in Mexico.

If you're passionate about digital innovation, eager to make an impact, and ready to be part of a dynamic and forward-thinking company, then we want to hear from you! Join us and be part of our journey to redefine banking for the digital age!

Mission and responsibilities:

The mission of the PCI Cybersecurity Compliance & Assurance is to ensure the company's adherence to Payment Card Industry Data Security Standards (PCI DSS) in a cloud-based environment. This role leads the PCI compliance strategy, working with cross-functional teams to implement security policies, manage audits, and assess risks. Additionally, the position is responsible for staying up to date on emerging cybersecurity threats and cloud security innovations, ensuring the technology infrastructure remains secure and aligned with industry best practice.

The position is within Openbank Cybersecurity team and will be in charge, not only to follow up, but to implement the PCI cybersecurity controls.

The main tasks of this position will be the following:

Lead the company’s PCI DSS compliance program, ensuring all business and technical operations align with PCI requirements.

- Collaborate with cross-functional teams (IT, DevOps, Product Development, Legal) to ensure cloud-based systems and services meet PCI security standards.

- Develop, implement, and maintain policies, processes, and procedures for PCI compliance in a cloud environment.

- Serve as the subject matter expert (SME) on PCI DSS and cloud security, providing guidance and recommendations to senior leadership.

- Conduct regular assessments, audits, and gap analyses to ensure ongoing PCI compliance and identify potential risks or vulnerabilities.

- Manage relationships with Qualified Security Assessors (QSAs) and lead all PCI audits and reporting activities.

- Stay current with evolving cybersecurity threats, cloud security innovations, and PCI standards, ensuring the company remains compliant and ahead of emerging risks.

- Develop and deliver PCI DSS-related training to internal teams and stakeholders.

- Implement robust incident response protocols related to PCI data breaches, working closely with the cybersecurity team to mitigate and report any incidents.

- Act as a liaison between business units and the security team, ensuring secure and compliant product development lifecycles in cloud-based environments.

To be successful in the role you must have:

- Strong understanding of cloud security architectures (AWS, Azure, GCP) and cloud compliance frameworks.

- In-depth knowledge of the PCI DSS standard and experience leading PCI compliance programs.

- Experience with risk management, vulnerability management, and security incident response.

- Certifications such as PCI Professional (PCIP), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or similar are highly desirable.

- Strong communication and leadership skills, with the ability to engage and influence at all levels of the organization.

- Experience working with QSAs and managing external audits and assessments.

- Analytical mindset with the ability to identify and assess security risks in complex, cloud-based systems.

Experience in a fast-paced, innovative environment or startup setting.

- Familiarity with DevSecOps principles and cloud automation tools

- Strong project management skills, including experience with compliance initiatives in agile environments.

-Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field.

- Minimum of 4+ years of experience in PCI DSS compliance, with at least 2 years in a cloud-centric environment.

- Certifications such as PCI Professional (PCIP), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or similar are highly desirable.

What do we offer?

- Joining a dynamic and agile company undergoing international expansion.

- Working in start-up mode with the support of the Santander Group.

- Competitive remuneration and attractive benefits package.

- Possibility of growth within the company and the Group.

- Collaborating on international projects in different countries.

- Excellent work environment, social clubs and frequent events.

Would you like to grow with us? Join our team!

Openbank is an equal opportunity employer. All applicants will be considered as equal without paying attention to gender identity, sexual orientation, ethnicity, religion, age, political orientation, union membership nor disability status.

We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify, and build.

The personal data you provide as well as any data generated during the selection process are confidential and will be processed by Open Bank, S.A./ Open Digital Services, S.L. with registered office at Plaza de Santa Bárbara 2, 28004 (Madrid), for the sole purpose of managing your participation in the selection processes and, where appropriate, to formalise your recruitment.  

For further information about your rights and data protection, please read the ODS/Openbank Privacy Policy applicable to this type of data processing here. 

#OPENBANK