Cyber & Technology Risk Control Leader

Do you want to be responsible for oversight and control of cyber & technology risk and strengthen Santander’s cyber resilience in the Nordic countries?

The Santander Group adopts the NIST standards for the enterprise wide management of cyber security, across 5 key domains defined in the framework. As a 2nd Line of defense role, the Cyber & Technology Risk Control Leader is accountable and responsible for oversight and control of cyber and technology risk, and to strengthen Santander’s cyber resilience in the Nordic countries.

Your tasks include:

• Be accountable and responsible for oversight and control of cyber and technology risk (as 2nd line in the Three Lines of Defence governance model).
• Ensure completion of the Risk Self-Assessment and Thematic Evaluation process for cyber and technology risks and provide oversight and control of the outputs from all Nordic units across the 1st and 2nd lines of defense.
• Provide continuous oversight and assurance of cyber and technology risk KPIs and KRIs to ensure effective management of cyber and technology risk by the 1st line of defense.
• Keep oversight and control of technology and cyber risk policies, procedures and processes via agreed governance processes.
• Review and challenge all cyber and technology risk-related documents or reports given to senior management team prior to submission.
• Overview all Cyber Security (IT) initiatives and IA recommendations related to technology or cyber risks.
• Promote and communicate cyber and technology-related risk assessment in line with the need to protect the institution by means of a robust cyber and technology risk oversight and control environment.
• Work with relevant stakeholders and provide education and awareness of cyber risk assessment, cyber risk control and remediation to ensure consistent messages and support for the development of a cyber-security culture.
• Escalate to management situations of concern from a technology and cyber control and remediation standpoint, or that may mean a violation of the defined limits for the entity’s risk appetite or strategy.
• Lead or participate in the development and implementation of initiatives within non-financial risk.

Competence & Skills

• Process analysis, redesign, transformation and implementation experience with strong problem solving skills.
• Strong project and change management skills with a methodical, structured and effective approach to bring the message across, influence and drive change.
• Technical knowledge of information-security principles, including risk assessment and management, application security and operating system hardening.
• Good organizational and team management skills.
• Ability to prioritize and manage different deliverables while quickly adapting to changing priorities and demands.
• Strong interpersonal, influencing and presentation skills and ability to explain information security concepts to audiences unfamiliar with this field.
• Independent worker, yet team player with ability to combine leading and coaching/supportive roles with strong problem-solving competence.
• Excellent written and oral communication, negotiation and presentation skills
• Strong working knowledge of Microsoft package and advanced user of Excel, PowerPoint and Word.
• Fluent in written and spoken English.

Experience

• 5 years working experience within: technological audit, IT security, CISO or IT risk related roles.
• Any certification on CISA, CISM, CISSP, CRISC, CEH, or Lead Auditor 27000 is an advantage.

Education

Master degree in Information Technology, Physics, Mathematics, Engineering or related technical field.

Personal Characteristics

• Highly motivated and strong driver, willing to go the extra mile and make a difference
• Willingness to take new challenges
• Process improvement agent
• Highly organized, efficient and proactive attitude
• Enjoy working independently and at high speed
• Willing to learn and interested in self-development
• Collaborative team player and relationship builder

What we offer:

• An opportunity to work in a large, high-performing international company, in a dynamic environment that is constantly changing

• A corporate culture that is professional and dynamic, yet informal. Bureaucracy is kept to a minimum, as we expect our skilled employees to make long lasting and impactful decisions to shape our future

• Highly competent, dedicated, and friendly co-workers with strong collaboration across the Nordics

Location: one of capitals of the Nordic region (Oslo, Copenhagen, Stockholm or Helsinki)

Interested?
If you have the right profile and enthusiasm for filling the role please submit your application and CV. Applications are considered on an ongoing basis.
Any questions about the position? Please contact recruiting manager Head of Non Financial Risk Tomasz Cychol, mail: Tomasz.Cychol@santanderconsumer.no