Vendor Risk Analyst – Cyber
Santander Portugal
Date: 1 day ago
City: Lisboa, Lisboa
Contract type: Full-time

Country: Portugal
As a Vendor Risk Specialist in Cyber:
You will be a member of our European VRAC team based in Portugal (Lisbon).
You will be responsible for certifying and managing Vendors regarding Cyber and Contingency risks.
Your main day-to-day activities will be:
- Review and challenge the inherent risk scoring of critical services.
- Certify critical services / vendors, establish and monitor remediation plans, and issue a residual risk rating.
- Report to and collaborate with the local CISO team on risk assessment results, continuous improvement of the risk methodology, etc.
- Periodic reporting to local Cost / Risk areas and respective committees.
The position requires proven experience in Security Governance and Risk Management alongside a solid education in Cybersecurity and Information Technology.
What We Are Looking For
- 3-5 years of experience working in Cybersecurity / IT Risk / IT audit.
- Knowledge of information technology and security certifications, standards and frameworks such as ISAE 3000 | SOC 2, NIST CSF, ISO/IEC 27001, COBIT...
- Knowledge of IT Audit practices, IT Risk Management, Vulnerability Management, Security testing methodologies (OWASP, OSSTMM...).
- Fluent communication and oral expression in Portuguese and English; Spanish desirable.
- A strong candidate will also be able to manage multiple tasks simultaneously and be an enthusiastic team player.
- Effective communication and excellent writing skills.
- Keen attention to detail and analytical skills are preferred.
- Ability to work with different and diverse teams.
- Good people skills.
At Santander each one of us is a “Risk Pro”. This means taking personal responsibility for identifying, assessing, managing and reporting any risks to the bank arising from the performance of our duties.
We will give you the knowledge and tools to be Risk Pro in all situations. This risk culture is fundamental to the Santander Way, our way of working.
Under the terms of Law 93/2021 of December 20, the Bank has a whistleblowing channel - Open Channel, accessible via the link https://secure.ethicspoint.eu/domain/media/pteu/gui/105862/index.html.