Cyber Assurance & Architecture – OPENBANK
Santander
Our purpose is to help people and businesses prosper. We strive to make all we do Simple, Personal, and Fair.
Cyber Assurance & Architecture – OPENBANK
Country: Spain
Position: Technology Risk & Cybersecurity Associate Expert II
Join Openbank, the 100% digital bank of the Santander Group, where innovation meets opportunity! With over 2 million customers across Spain, Germany, the Netherlands, and Portugal, we're leading the way in digital banking. Our products are transforming the industry.
If you're passionate about digital innovation, eager to make an impact, and ready to be part of a dynamic and forward-thinking company, then we want to hear from you!
Mission and Responsibilities:
The mission of the PCI Cybersecurity Compliance & Assurance is to ensure the company's adherence to Payment Card Industry Data Security Standards (PCI DSS) in a cloud-based environment. This role leads the PCI compliance strategy, working with cross-functional teams to implement security policies, manage audits, and assess risks.
The main tasks of this position will include:
1. Lead the company’s PCI DSS compliance program, ensuring all business and technical operations align with PCI requirements.
2. Collaborate with cross-functional teams (IT, DevOps, Product Development, Legal) to ensure cloud-based systems and services meet PCI security standards.
3. Develop, implement, and maintain policies, processes, and procedures for PCI compliance in a cloud environment.
4. Serve as the subject matter expert (SME) on PCI DSS and cloud security, providing guidance and recommendations to senior leadership.
5. Conduct regular assessments, audits, and gap analyses to ensure ongoing PCI compliance and identify potential risks or vulnerabilities.
6. Manage relationships with Qualified Security Assessors (QSAs) and lead all PCI audits and reporting activities.
7. Stay current with evolving cybersecurity threats, cloud security innovations, and PCI standards.
8. Develop and deliver PCI DSS-related training to internal teams and stakeholders.
9. Implement robust incident response protocols related to PCI data breaches.
10. Act as a liaison between business units and the security team.
To be successful in the role you must have:
1. Strong understanding of cloud security architectures (AWS, Azure, GCP) and cloud compliance frameworks.
2. In-depth knowledge of the PCI DSS standard and experience leading PCI compliance programs.
3. Experience with risk management, vulnerability management, and security incident response.
4. Certifications such as PCI Professional (PCIP), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or similar are highly desirable.
5. Strong communication and leadership skills.
6. Experience working with QSAs and managing external audits and assessments.
7. Analytical mindset with the ability to identify and assess security risks.
8. Experience in a fast-paced, innovative environment or startup setting.
9. Familiarity with DevSecOps principles and cloud automation tools.
10. Strong project management skills, including experience with compliance initiatives in agile environments.
11. Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field.
12. Minimum of 4+ years of experience in PCI DSS compliance, with at least 2 years in a cloud-centric environment.
What do we offer?
1. Joining a dynamic and agile company undergoing international expansion.
2. Working in start-up mode with the support of the Santander Group.
3. Competitive remuneration and attractive benefits package.
4. Possibility of growth within the company and the Group.
5. Collaborating on international projects in different countries.
6. Excellent work environment, social clubs, and frequent events.
Openbank is an equal opportunity employer. All applicants will be considered as equal without regard to gender identity, sexual orientation, ethnicity, religion, age, political orientation, union membership, or disability status.
The personal data you provide as well as any data generated during the selection process are confidential and will be processed by Open Bank, S.A./ Open Digital Services, S.L. for the sole purpose of managing your participation in the selection processes and, where appropriate, to formalise your recruitment.
#J-18808-Ljbffr