Cyber & IT Risk Management and Resilience
In this high-profile role, you will be responsible for implementing and overseeing the different initiatives included within the Risk Management Program according to the IT, Cyber and Resilience Risk Policies. The role develops second-line risk methodologies and concepts for all activities related to IT and Cyber, including coordination of and participation in Operational and Enterprise Risk Management exercises.
In this role you will be responsible for managing emerging risks, ICT third-party risk, Business Continuity planning and Transformation risk projects.
You'll be a key member of the Op. risk team (3 members) within Banco Santander International SA (Geneva, Switzerland), helping to continuously update the bank's risk appetite, setting and reviewing risk indicators and evaluating controls. The role gives the opportunity to participate in the development of several digital and strategic projects.
You will work with stakeholders from the bank and Santander Group IT and Cyber (mostly CIO and CISO), but also with Legal, Internal and External Audit and Risk & Compliance.
This role will report to the bank's Chief Operational Risk and Data Protection Officer.
What You'll Be Doing
- Act as an IT/Cyber subject matter expert while providing leadership, guidance and mentorship to other project managers, maintaining an effective and collaborative relationship with all 1LoD and Group key stakeholders.
- Review compliance with the IT/Cyber, Third Party, Business Continuity and Transformation Management policies and related procedures.
- Implement the Cyber oversight program, including scope, control maturity capability (Holistic) and vulnerability follow-up.
- Support the Chief Operational Risk and Data Protection Officer in bringing together a general picture of the technology and communication risks across the bank, and provide advisory and guidance on the risks of new technologies.
- Maintain oversight of Data Management risk across the bank.
- Take responsibility for Op. risk exercises related to IT & Cyber: event escalation and reporting, RCSA, KRIs, scenario analysis, related insurances and mitigation actions.
- Implement the Resilience Business Continuity Management Policy, coordinating the implementation of the Business Continuity Plan and ensuring its deployment, maintenance and continuous improvement in the corporate tool (Ark@). This includes Resilience Strategies, BIAs, RTOs, Scenarios and completing the Annual testing plan.
- Oversee Third Parties, reviewing IT and Cyber questionnaires and monitoring their contracts, certifications and SLAs.
- Support the implementation of the bank's fraud policy.
- Prepare the IT, Cyber and Resilience presentation materials for the relevant forums (IT & Cyber Committee, Risk & Compliance Committee, Op. Risk Committee), and participate in specific forums: IT incidents, Vulnerabilities, Transformation, etc.
- Support and monitor the internal and external IT & Cyber audit reviews.
- Propose and follow up mitigation actions for IT/Cyber incidents, weak controls or new threats.
- Maintain up-to-date, in-depth industry and technical expertise in the areas of focus, as well as in related regulations (EBA ICT and security risk management, ENISA, FINMA, etc.).
- Participate in certifying controls for ISAE 3402.
What We're Looking For
- Expertise and in-depth understanding of the risks arising from the deployment and use of ICT.
- Knowledge of key IT Security technologies and architecture (DLP, firewalls, Virtual Private Networks, vulnerability / penetration testing and other security devices).
- Understanding of private banking products is desirable.
- Knowledge of ICT regulations, especially DORA, the Cyber Resilience Act and FINMA Circular 2023/1 "Operational risks and resilience – banks".
- Experience working in an oversight function providing technical risk assurance.
- Experience in stakeholder engagement with IT and Cyber teams.
- Basic knowledge of Data Protection management.
- Knowledge of Artificial Intelligence applications and regulation is a plus.
Qualifications:
- Bachelor's degree in Computer Science, Systems Engineering, a technology discipline, or a related field. Master's degree preferred.
- At least 3 years of experience in related roles (Cyber Security, Internal control, Internal or External audit, Op. risk resilience, etc.).
- Technology and computer skills, with the ability to effectively use Microsoft Office (Word, Excel, Outlook, PowerPoint, Teams) and other risk tools such as GRC platforms.
- Understanding of auditing, accounting and IT general controls (Computer Operations, Access Control Systems, Change Management, Database Management and Operating Systems, etc.).