Chief Information Security Officer

Chief Information Security Officer (CISO) - Lynx Financial Crime Tech Country: Spain **WHAT YOU WILL BE DOING** **Lynx Financial Crime Tech **is looking for a Chief Information Security Officer, based in our Madrid office.** **WHY YOU SHOULD CONSIDER THIS OPPORTUNITY** The mission of the Santander Group's Technology and Operations Division is to contribute to the Group's strategy by making possible the operations of Santander's different businesses, by contributing to optimization, growth and value creation; in addition to reducing risk and improving efficiency. Therefore, we help Santander to become the best open platform for financial services. As part of this Division, Cybersecurity is one of the Santander Group's main priorities and a crucial element to make Santander a cyber resilient organization that can withstand, detect and rapidly react to cyberattacks, while constantly evolving and improving our defences. The protection of systems, information and customers is a priority for the Group and a crucial component of Santander's purpose of "helping people and companies to prosper" and our goal of "offering excellent digital services for our customers”. If you share our passion for technology and are up for the challenge, come join us **WHAT YOU WILL BE DOING** The CISO position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. He/She should understand and articulate the impact of cybersecurity on (digital) business, and be able to communicate this to the senior stakeholders. The CISO must be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations. **Tasks and Responsibilities** **Lead the Organization** - Leads the information security function across the Entity to ensure consistent and high-quality information security management in support of the business goals - Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas - Manages the budget for the information security function, monitoring and reporting **Implement the Strategy** - Implements the security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate - Implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization - Works effectively with business units to facilitate information security risk assessment and risk management processes - Works with business units to get the required security and compliance certifications and audits **Build the Network and Communicate the Vision** - Creates the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required **Operate the Function** - Implements a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties - Works with the compliance area to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy - Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable - Facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings - Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines - Oversees technology dependencies outside of direct organizational control. This includes reviewing contracts and the creation of alternatives for managing risk - Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation - Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action - Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that co