Vendor Risk Specialist Cyber & BCP - AQUANIMA Lisbon
Centro Totta
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.WHY YOU SHOULD CONSIDER THIS OPPORTUNITY
At Santander (www.santander.com) we are key players in the transformation of the financial sector. Do you want to join us?
At Aquanima we provide a valuable service to our customers. We are part of the Santander Group and we seek to achieve maximum efficiency for the Group and for external clients, through the management of purchasing processes. As our ultimate and main objective is to maximize savings for our clients, we offer our expertise in purchasing in various expense categories in the 12 countries where we have a presence. In addition, our capabilities allow us to offer other value-added services such as 360º supplier management and contract management. We are a strategic partner to our customers and suppliers, creating long-term relationships with them and helping them to achieve greater efficiency in their day-to-day operations.
Santander is proud of being an organization where there are equal opportunities regardless of gender identity, culture and disability. Our mission is to contribute to help more people and business prosper. We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.
WHAT YOU WILL BE DOING
As a Vendor Risk Specialist in Cybersecurity & BCP, you will be responsible for certifying and managing Vendors regarding Cyber and Contingency risks.
Review and challenge of inherent risk scoring of critical services.
Certificate critical services / vendors, establish and monitor remediation plans, and issue a residual risk rating.
Reporting and collaboration with local CISO and Business Continuity team regarding risk assessment results, continuous improvement of risk methodology, etc.
Periodic reporting to local Cost / Risk areas and respective committees.
We need someone like you to help us in different fronts:
- Reporting of VRAC activity metrics, risk assessment results, remediation plans, and presentations to the local Cost / Risk areas and respective Committees.
- Follow up of the ongoing certification process, including remediation plans.
- Collaboration in third party risk analysis processes between suppliers and risk analysts.
- Review and challenge of inherent risk scoring of critical services.
EXPERIENCE
- 3-5 years of experience working in in Cybersecurity / IT Risk / IT audit / Business Continuity areas.
EDUCATION
- Degree in Business Administration and Management, Engineering or similar.
SKILLS & KNOWLEDGE
- Knowledge of information technology and security certifications, standards and frameworks such as ISAE 3000 | SOC 2, NIST CSF, ISO/IEC 27001, ISO 22301, COBIT...
- Knowledge of IT Audit practices, IT Risk Management, Business Continuity Management, Vulnerability Management, Security testing methodologies (OWASP, OSSTMM...).
- Communication and oral expression fluent in Portuguese and English; Spanish desirable.
OTHER INFORMATION
- A strong candidate will also be able to manage multiple tasks simultaneously and an enthusiastic team player.
- Effective communication and excellent writing skills.
- Capacity of working with different and diverse teams.
- Keen attention to details and analytics skills are preferred.
- Good handling people.
- Problem-solving approach.
If you want to know more about us, follow us on https://es.linkedin.com/company/banco-santander
#LI-FB1
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Audits CISO COBIT ISO 22301 NIST OWASP Risk analysis Risk assessment Risk management SOC SOC 2 Vulnerability management
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.