Santander is looking for an engaged Cyber & Technology Risk Control Specialist
The Non-Financial Risk Management area (NFR) is part of Risk and a part of Santander Nordic's Second Line of Defense. NFR is responsible for carrying out risk management and control of risk matters within the area of non-financial risk. Non-financial risk includes the areas of Operational risk, Internal control, Business Continuity management, Cyber & Technology Risk and Fraud Risk.
In this 2nd Line of Defense role as Cybersecurity & Technology Risk Analyst, you would report to the Cybersecurity & Technology Risk Manager. You would be responsible for the oversight and control of cybersecurity and technology risk and would further strengthen Santander's cyber resilience in the Nordic countries.
The Santander group adopts the NIST (National Institute of Standards and Technology) standards for the enterprise-wide management of cyber security, across the key domains of NIST.
You would be responsible for providing independent oversight and challenge to the 1st Line of Defense on risk management through risk governance tools such as Operations Risk Indicators, Risk Identification and Assessment, and Mitigation Plans governance. The mitigation plans under 2LoD governance mainly arise from the gaps identified from IT & Cybersecurity incidents, Internal Audit Findings, Security Testing, Control Self Assessments and Policy Gap Analysis.
MAIN DUTIES/TASKS:
- Contribute to oversight and control of cyber and technology risk (as 2nd line in the Three Lines of Defense governance model).
- Contribute to completion of the Risk Self-Assessment and Holistic Evaluation process for cyber and technology risks and provide oversight and control of the outputs from all Nordic units across the 1st and 2nd lines of defense.
- Provide continual oversight and assurance of cyber and technology risk KPIs and KRIs to ensure effective management of cyber and technology risk by the 1st line of defense.
- Keep oversight and control of technology and cyber risk policies, procedures and processes via agreed governance processes.
- Review and challenge all cyber and technology risk-related documents or reports given to senior management team prior to submission.
- Oversee and track all Cyber Security and IT initiatives and IA recommendations related to technology or cyber risks.
- Promote and communicate cybersecurity and technology-related risk assessment in line with the need to protect the institution by means of a robust cyber and technology risk oversight and control environment.
- Work with relevant stakeholders and provide education and awareness of cyber risk assessment, cyber risk control and remediation to ensure consistent messages and support for the development of a cyber-security culture.
- Escalate situations of concern from a technology and cyber control and remediation standpoint, or that may mean a violation of the defined limits for the entity's risk appetite or strategy.
- Lead or participate in the development and implementation of initiatives within non-financial risk.
- Contribute to the development of a strong risk culture in the bank through training and communication.
- Actively contribute to reporting prepared by the Non-Financial Risk Monitoring & Reporting Unit.
QUALIFICATIONS AND COMPETENCE:
- Bachelor's or Master's degree in Information Technology, Engineering or related technical field.
- 3+ years of experience in information security, IT audit or IT risk management.
- Understanding of Regulatory Compliance requirements from a technology standpoint (GDPR, ICT, PCI-DSS, SOX).
- Experience in standards like NIST, ISO 27001, COBIT, ISAE 3402.
- Any certification on ISO 27000 LA, CISA, CISM, CISSP or CRISC is a plus.
- Technical knowledge of information-security principles, including risk assessment and management, application security and operating system hardening.
- Good understanding of domains such as Network security, Firewall audits, VA/PT, Access Management etc.
- Ability to connect cybersecurity and technology risks with business strategy and mandate.
- Working knowledge of Microsoft package and advanced user of Excel, PowerPoint and Word.
PERSONAL QUALITIES:
- Structured and process-oriented, with strong planning and organizing skills.
- Self-governing yet a team player, with a solution-driven attitude.
- Strong problem solving and reporting skills.
- Good Program/Project management and stakeholder management skills along with effective communication & presentation.
- Excellent communication skills in Norwegian and English (both written and spoken).
WE OFFER:
- An opportunity to work in a large, high-performing international company. Our annual employee survey shows that we are one of Norway's most attractive workplaces, staffed by dedicated employees who enjoy their work and are proud to be part of Santander.
- A corporate culture that is professional and dynamic, yet informal too. Short decision lines and plenty of opportunities to be heard and to make a difference.
- An excellent working environment, with highly competent, dedicated and friendly co-workers who are always willing 'to go the extra mile'.
- An active company sports club. We are proud to support Right-To-Play and UEFA Champions League.
For more information about the position, please contact
Ajay Banwari
Cybersecurity and Technology Risk Manager, SCB Nordics
Tel: +47 40724621
About the company
We are a Nordic bank with more than 1,400 colleagues in Sweden, Norway, Denmark and Finland, and proud to be part of Banco Santander, one of the largest banks in the world with a solid history going back more than 160 years.
Our purpose is to help people and businesses prosper and we aim to be the best retail and commercial bank, earning the lasting loyalty of our people, customers, shareholders and communities - through simple, personal and fair banking.
In our organization we foster and value an engaged, challenging and passionate environment that provides opportunities for personal and professional growth. We operate in an ever changing environment, and believe the key to success is innovative involvement, a playful approach to active learning and continuous improvement in our daily work.
We are firmly committed to being a responsible bank in the way we operate, our culture, caring for our environment and giving back to society. Banco Santander is recognized as the most sustainable bank in the world following the publication of the Dow Jones Sustainability Index (DJSI) for 2019.
Read more about responsible banking on our global webpages.
Santander Consumer Bank is one of the largest Nordic banks providing loans and credits, credit cards, deposits and insurance to private customers.
To learn more about Santander in the Nordics, please visit our local webpages
https://www.santanderconsumer.no/
https://www.santanderconsumer.se/om-oss/
https://santanderconsumer.dk/om-os/
https://www.santanderconsumer.fi/