Cyber Assurance & Architecture - OPENBANK
Join Openbank, the 100% digital bank of the Santander Group, where innovation meets opportunity! With over 2 million customers across Spain, Germany, the Netherlands, and Portugal, we're leading the way in digital banking. From loans and mortgages to a cutting-edge, fully automated investment platform, our products are transforming the industry.
At Openbank, we pride ourselves on simplicity, agility, and security, earning us the title of the most recommended Spanish bank among our customers. Technology is in our DNA, and we are constantly developing new digital solutions and products. We're proud to be a bank gaining more international presence, having just landed in the United States with plans to launch in Mexico.
If you're passionate about digital innovation, eager to make an impact, and ready to be part of a dynamic and forward-thinking company, then we want to hear from you!
Mission and Responsibilities:
The mission of the PCI Cybersecurity Compliance & Assurance is to ensure the company's adherence to Payment Card Industry Data Security Standards (PCI DSS) in a cloud-based environment. This role leads the PCI compliance strategy, working with cross-functional teams to implement security policies, manage audits, and assess risks. Additionally, the position is responsible for staying up to date on emerging cybersecurity threats and cloud security innovations.
Main Tasks:
* Lead the company's PCI DSS compliance program, ensuring all business and technical operations align with PCI requirements.
* Collaborate with cross-functional teams (IT, DevOps, Product Development, Legal) to ensure cloud-based systems and services meet PCI security standards.
* Develop, implement, and maintain policies, processes, and procedures for PCI compliance in a cloud environment.
* Serve as the subject matter expert (SME) on PCI DSS and cloud security, providing guidance and recommendations to senior leadership.
* Conduct regular assessments, audits, and gap analyses to ensure ongoing PCI compliance and identify potential risks or vulnerabilities.
* Manage relationships with Qualified Security Assessors (QSAs) and lead all PCI audits and reporting activities.
* Stay current with evolving cybersecurity threats, cloud security innovations, and PCI standards.
* Develop and deliver PCI DSS-related training to internal teams and stakeholders.
* Implement robust incident response protocols related to PCI data breaches.
* Act as a liaison between business units and the security team.
To be successful in the role you must have:
* Strong understanding of cloud security architectures (AWS, Azure, GCP) and cloud compliance frameworks.
* In-depth knowledge of the PCI DSS standard and experience leading PCI compliance programs.
* Experience with risk management, vulnerability management, and security incident response.
* Certifications such as PCI Professional (PCIP), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or similar are highly desirable.
* Strong communication and leadership skills.
* Experience working with QSAs and managing external audits.
* Analytical mindset with the ability to identify and assess security risks in complex, cloud-based systems.
* Experience in a fast-paced, innovative environment or startup setting.
* Familiarity with DevSecOps principles and cloud automation tools.
* Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field.
* Minimum of 4+ years of experience in PCI DSS compliance, with at least 2 years in a cloud-centric environment.
What do we offer?
* Joining a dynamic and agile company undergoing international expansion.
* Working in start-up mode with the support of the Santander Group.
* Competitive remuneration and attractive benefits package.
* Possibility of growth within the company and the Group.
* Collaborating on international projects in different countries.
* Excellent work environment, social clubs, and frequent events.
Openbank is an equal opportunity employer. All applicants will be considered as equal without paying attention to gender identity, sexual orientation, ethnicity, religion, age, political orientation, union membership, or disability status.
#J-18808-Ljbffr