Chief Information Security Officer (CISO) - PagoNxt

Alhambra - Planta Primera, Spain

Santander

Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.


Country: Spain

SANTANDER is looking for a Chief Information Security Officer (CISO) for PagoNxt, based in our Boadilla del Monte (Madrid, Spain) office.

WHY YOU SHOULD CONSIDER THIS OPPORTUNITY

At Santander (www.santander.com), we push the boundaries and create innovative, customer-centric tech solutions for Santander. We collaborate to provide these world-class technical solutions by adopting Agile across our business as we digitally transform our platforms and services to create the bank of the future.

Santander is proud to be an organization where there are equal opportunities regardless of gender identity, culture and disability. Our mission is to help more people and businesses prosper.

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

PagoNxt aims to contribute to the Group's strategy by enabling the operations of Santander's different businesses and by contributing to optimization, growth, and value creation, in addition to reducing risk and improving efficiency. In this way, we help Santander to become the best open platform for financial services.

Cybersecurity is one of the Santander Group's main priorities and a crucial element to make Santander a cyber-resilient organization that can withstand, detect, and rapidly react to cyberattacks, while constantly evolving and improving our defences. The protection of systems, information and customers is a priority for the Group and a crucial component of Santander's purpose of "helping people and companies to prosper" and our goal of "offering excellent digital services for our customers".

If you share our passion for technology and are up for the challenge, come join us!

WHAT YOU WILL BE DOING

PagoNxt is a company wholly owned by Santander that incorporates our most disruptive payments & trade businesses into a single, autonomous company, creating one of the largest private fintech companies in the world. It is one of the strategic initiatives enabling Santander to achieve the aim to be the world’s best open financial services platform.

The CISO for PagoNxt is responsible for coordinating all cyber risk management activities in PagoNxt and its subsidiaries. The role supervises the correct implementation of cyber strategy in line with Group strategy, enables adoption of global defenses in the relevant areas and subsidiaries, and drives implementation of Group minimum requirements, SOX and regulatory requirements (where applicable), policy, controls and reporting.

The role reports hierarchically to the T&O of PagoNxt, with a functional reporting line to the Global CISO, and is also a member of the Global CISO Leadership Team.

Tasks and Responsibilities

Lead the Organization

  • Set and supervise correct implementation for PagoNxt cyber security strategy in line with Santander Group’s Cyber Security Corporate Framework and Strategy, PagoNxt regulatory requirements and business needs.

  • Leads the information security function across PagoNxt company to ensure consistent and high-quality information security management in support of the business goals.

  • Ensure alignment of objectives and priorities for PagoNxt subsidiaries’ CISOs.

  • Oversee the budget for the information security function, monitoring and reporting.
     

Implement the Strategy

  • Implements the information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.

  • Support and enable adoption of Santander global defenses across systems and information of PagoNxt.

  • Implements and oversees a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.

  • Works effectively with business units to facilitate information security risk assessment and risk management processes.
     

Build the Network and Communicate the Vision

  • Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
     

Operate the Function

  • Drive implementation of Santander Group's cyber security minimum requirements, policies and regulatory requirements in PagoNxt.

  • Implements a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.

  • Facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.

  • Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.

  • Manages and coordinates information security incidents and events, under Global Respond instructions, to protect corporate IT assets, intellectual property, regulated data and the company's reputation.

  • Works with the Global Respond team to monitor the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action.

  • Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas.
     

Establish Governance and Build Knowledge

  • Set up a CISO governance model to ensure adequate alignment and oversight of subsidiaries’ CISOs’ book of work.

  • Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders as part of a strategic enterprise risk management program, thus supporting business outcomes.

  • Develops, socializes and coordinates implementation of security policies.

  • Understands and interacts with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.

  • Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
     

Requirements

Education, Training and Previous Experience

  • Demonstrated experience and success in senior leadership roles in risk management, information security, or IT security.

  • Degree in business administration or a technology-related field such as science or engineering.
     

Desired, but not required:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

  • Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
     

Technical and Business Experience

  • Knowledge and understanding of relevant legal and regulatory requirements regarding Cybersecurity.

  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.

  • Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.

  • Up-to-date knowledge of methodologies and trends in both business and IT.
     

Knowledge and Skills

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.

  • Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.

  • Ability to lead and motivate the information security team to achieve tactical and strategic goals.

  • Excellent stakeholder management skills.

  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

  • Project management skills: financial/budget management, scheduling and resource management.

  • A master of influencing decisions when achieving a desirable outcome is vital.
     

Personal Characteristics

  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.

  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.

  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.

  • Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.

  • A critical thinker, with strong problem-solving skills.

  • Strong problem-solving and trouble-shooting skills.

  • Self-motivated, with a high sense of urgency and personal integrity.
     

OTHER INFORMATION
 

Our team members come from very different types of companies, including banks, tech companies, trade companies, start-ups, and consulting firms. We believe in the power of diversity in backgrounds, nationality, gender, and more.

Would you like to grow with us? Join our team!

If you want to know more about us, follow us on https://es.linkedin.com/company/banco-santander


Tags: Agile CISA CISM CISO CISSP COBIT Compliance CRISC FinTech Governance Incident response ITIL Monitoring NIST NIST 800-53 Privacy Risk assessment Risk management Security strategy SOX Strategy

Perks/benefits: Career development Startup environment Team events

Region: Europe
Country: Spain
