Santander
Global Chief Security Officer - CISO BSISA & Branches
Santander, Indianapolis, Indiana, 46262
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal and Fair.

BANCO SANTANDER INTERNATIONAL S.A

Our company is an international private banking firm, part of Grupo Santander, located in Geneva with an office in Zurich and branches in Nassau (Bahamas) and Dubai. With around 300 employees, the company has its own IT department, which works very closely with the business on the continuous digital transformation required to deliver excellent service to our clients, the focus of our activity.

Position Summary:

The CISO will be responsible for implementing and running the enterprise cybersecurity program. This will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks to information assets, while supporting and advancing business objectives.

The ideal candidate is a thought leader, a builder of consensus and bridges between business and technology. They are an integrator of people, processes, and technology. While the CISO is the leader of the cybersecurity program, they must also be able to coordinate disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives.

Ultimately, the CISO is a business leader and should have a track record of competency in the field of cybersecurity and/or risk management, with 7 to 10 years of relevant experience, including five years in a significant leadership role.

Essential Duties and Responsibilities

A) Serve as the primary point of contact between the cybersecurity function and global corporate function.
- Act as a subject matter expert (SME) between cybersecurity and the lines of business in the development of appropriate policies, standards, and frameworks.
- Allocate resources (e.g., security architects, engineers) to achieve outcomes.
- Continuously monitor trends to anticipate and plan for future impacts of cyber risk on a specific business unit (BU) or function.
- Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies, and standards set by the organization.
- Investigate security incidents and develop remediation plans in collaboration with stakeholders responsible for incident response.

B) Establish Governance and Build Knowledge
- Facilitate a cybersecurity governance structure through the implementation of a hierarchical governance program, including the formation of a cybersecurity steering committee or advisory board.
- Provide regular reporting on the status of the cybersecurity program to enterprise risk teams, senior business leaders, and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
- Work with the vendor management office to ensure that cybersecurity requirements are included in contracts by liaising with vendor management and procurement organizations.

C) Lead the Organization
- Lead the cybersecurity function across the company to ensure consistent and high-quality information security management in support of the business goals.
- Determine the cybersecurity approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.
- Manage the budget for the cybersecurity function, monitoring and reporting discrepancies.

D) Set the Strategy
- Develop a cybersecurity vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate.
- Develop, implement, and monitor a strategic, comprehensive cybersecurity program to ensure appropriate levels of confidentiality, integrity, and availability of information assets owned, controlled, or processed by the organization, as well as meeting safety, privacy, reliability, and resilience requirements as needed.

E) Develop the Frameworks
- Enhance the security posture by adopting the Santander global cybersecurity framework that is applicable to the organization.
- Create and manage a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations.
- Develop and own a document framework of continuously up-to-date cybersecurity policies, standards, and guidelines.
- Oversee the approval and publication of these cybersecurity policies and practices.

F) Operate the Function
- Collaborate and liaise with the privacy officer to ensure that privacy requirements are included where applicable.
- Define and facilitate the processes for cybersecurity risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings.
- Ensure that security is embedded in the project delivery process by providing the appropriate cybersecurity policies, practices, and guidelines.
- Manage and contain cybersecurity incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.

Requirements

A successful CISO candidate will have the expertise and skills described below.

A. Education, Training and Previous Experience
- Demonstrated experience and success in senior leadership roles in risk management, cybersecurity, and IT or OT security.
- Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
- Proficiency in English and Spanish. French will be highly desirable.
- Desired, but not required: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
- Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
- Experience with contract and vendor negotiations.

B. Technical and Business Experience
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
- Sound knowledge of business management and a working knowledge of cybersecurity risk management and cybersecurity technologies.
- Up-to-date knowledge of methodologies and trends in both business and IT.
- Experience with risk assessment, incident response, and security audits.
- Experience with cloud security and DevOps.

C. Knowledge and Skills
- Excellent communication skills, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
- Strategic leader and builder of both vision and bridges, able to energize the appropriate teams in the organization.
- Ability to lead and motivate the cybersecurity team to achieve tactical and strategic goals, even when only "dotted" reporting lines exist.
- Financial/budget management, scheduling, and workforce management.