Vendor Risk Analyst – Cyber
Lisboa-Rua da Mesquita, Portugal
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.
As Vendor Risk Specialist in Cyber:
You will be a member of our European VRAC team based in Portugal (Lisbon).
You will be responsible for certifying and managing Vendors regarding Cyber and Contingency risks.
The main activities you will do in your day to day are:
- Review and challenge of inherent risk scoring of critical services.
- Certify critical services / vendors, establish and monitor remediation plans, and issue a residual risk rating.
- Reporting and collaboration with local CISO team regarding risk assessment results, continuous improvement of risk methodology, etc.
- Periodic reporting to local Cost / Risk areas and respective committees.
What you will need to have – skills & responsibilities
The position requires proven experience in Security Governance and Risk Management alongside a solid education in Cybersecurity and Information Technology.
What we are looking for
· 3-5 years of experience working in Cybersecurity / IT Risk / IT audit.
· Knowledge of information technology and security certifications, standards and frameworks such as ISAE 3000 | SOC 2, NIST CSF, ISO/IEC 27001, COBIT...
· Knowledge of IT Audit practices, IT Risk Management, Vulnerability Management, Security testing methodologies (OWASP, OSSTMM...).
· Fluent communication and oral expression in Portuguese and English; Spanish desirable.
· A strong candidate will also be able to manage multiple tasks simultaneously and be an enthusiastic team player.
· Effective communication and excellent writing skills.
· Keen attention to detail and analytical skills are preferred.
· Ability to work with different and diverse teams.
· Good people-handling skills.
International certifications or a Master's degree in the field of Cybersecurity, Control of Information Systems or Business Continuity will be valued positively.
At Santander each one of us is a “Risk Pro”. This means taking personal responsibility for identifying, assessing, managing and reporting any risks to the bank arising from the performance of our duties.
We will give you the knowledge and tools to be Risk Pro in all situations. This risk culture is fundamental to the Santander Way, our way of working.
Under the terms of Law 93/2021 of December 20, the Bank has a whistleblowing channel - Open Channel, accessible via the link https://secure.ethicspoint.eu/domain/media/pteu/gui/105862/index.html.