Head of Cyber Governance, Risk and Compliance

Santander

Aug 17, 2024

Applications are closed

Job
Full-time
Expert Level
Madrid

Requirements

- Strong working knowledge, understanding and experience in building, driving, and maturing effective GRC programs.
- Track record in regular reporting on the status of the information security program to enterprise risk teams, senior business leaders as part of a strategic enterprise risk management program, thus supporting business outcomes
- Implementation of a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
- Supervision of processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
- Understanding and interaction with related disciplines, either directly or through committees, to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management
- Ability to drive strategy, vision, direction, and prioritization on enterprise-wide projects and programs at the senior leadership level.
- Management of the budget for the information security function, monitoring and reporting
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior management to technical specialists
- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
- Ability to lead and motivate the information security team to achieve tactical and strategic goals
- Excellent stakeholder management skills
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- A master of influencing decisions when achieving a desirable outcome is vital
- Ability to inspire engagement in people through leading by example and cultivating a culture of transparency and staff influence.
- Strong negotiating, conflict resolution, influencing and stakeholder management skills to ensure effective change management.
- Strong leadership skills to develop and lead a high performing team of experts.
- Strong problem solving and innovative mind-set to ensure a clear focus on the forward agenda.
- Ability to work under-pressure.
- Capable of producing high quality output with a strong focus on attention to detail.
- Strong communication skills, both written and verbal, to communicate effectively across a wide range of stakeholders.
- Ability to work effectively across cultures and geographies.
- Role model in Santander leadership behaviours, diversity and inclusion.
- Ability to lead by influence and act as a thought leader to achieve results across multiple teams and stakeholders outside of direct line of reporting.
- Successfully plans and manages complex activities and is highly effective at delivering quality solutions through others. Uses contingency planning, prioritization and delegation to achieve timely completion.
- Candidates must have effective negotiation skills, a proactive and ‘no surprises’ approach in communicating results, strength in sustaining independent views, and the ability to work effectively at the highest levels of the organisation, including the board level.
- Holds many perspectives, utilizing wealth and breadth of experience to guide future directions and decisions in an intuitive manner.
- A self-starter, self-motivated, self-disciplined, self-assured, and performance driven mentality.
- Strong integrity, independence & resilience.
- Makes sound, well-informed, and objective decisions that support accomplishment of organizational goals.

Responsibilities

- The Head of GRC will be responsible for setting and supervising the cybersecurity governance, risk and compliance program that ensures the strategic alignment of information security and Santander business objectives, ensuring different teams across Santander work under a common model and Strategy.
- He/She will be responsible for supporting Santander’s cybersecurity strategy implementation, managing cyber security risk posture and complying with agreed internal policies and procedures and external regulations; supervising the execution of independent assessments, audits and regulatory inspections of cybersecurity controls; coordinating the governance model, preparing official reporting to respective internal governance bodies and external governance parties.
- He/She will also be responsible to develop Business Information Security Officer (BISO) function, with the aim to bridge the gap between cybersecurity, business, and technology domains. BISO function is an extension of the CISO, acting as Cyber representative in the business unit in which is embedded.
- The role reports to the Santander Spain CISO & Fraud.

FAQs

What is the location for the Head of Cyber Governance, Risk and Compliance position?

The position is based in our Madrid office, Spain.

What is the primary mission of the Cybersecurity team at Santander?

The mission is to make Santander a cyber-resilient organization that can withstand, detect, and rapidly react to cyberattacks, while constantly evolving and improving defenses.

Who does the Head of GRC report to?

The Head of GRC reports to the Santander Spain CISO & Fraud.

What qualifications are required for the Head of GRC role?

Strong working knowledge and experience in building and maturing effective GRC programs, along with a track record of reporting on information security programs to enterprise risk teams and senior business leaders.

Are there specific leadership qualities preferred for this position?

Yes, candidates should possess excellent communication skills, the ability to inspire and motivate teams, strong stakeholder management skills, and the capability to lead and manage multiple projects under strict timelines.

Is a specific language requirement mentioned in the job description?

Yes, proficiency in Spanish is required.

Does this position involve budget management responsibilities?

Yes, the role includes managing the budget for the information security function, along with monitoring and reporting on it.

What type of team structure does the Head of GRC oversee?

The Head of GRC will lead and develop a high-performing team of experts in the information security domain.

What other competencies are important for candidates applying to this role?

Competencies such as Strategic Thinking, Cybersecurity Risk Management, Team Management, and Effective Communications are essential for this position.

What kind of experience is required regarding risk management and compliance?

Candidates should have experience with a risk-based process for assessing and mitigating information security risks that include third-party assessments and compliance with legal and regulatory regulations.

Santander

Here to help you prosper

Finance

Industry

10,001+

Employees

1857

Founded Year

Mission & Purpose

Santander is a leading global bank, founded in 1857 and headquartered in Spain, and is one of the largest banks in the world by market capitalisation. It provides a wide range of financial products and services, including personal and corporate banking, wealth management, and insurance. With a strong presence in Europe, Latin America, North America, and Asia, Santander's mission is to help people and businesses prosper by offering customer-centric solutions. Its purpose is to support growth and innovation while fostering responsible banking practices to benefit individuals, businesses, and communities.