Cybersecurity Compliance & Security posture - SDS

Cybersecurity Compliance & Security posture - SDS Country: Spain. Santander Digital Services (SDS), the technology and operations arm of Santander, is building a team of cybersecurity professionals to support risk, compliance and security posture across cloud and on‑premises environments. We are looking for an engineer of cybersecurity for our offices in Boadilla del Monte with at least 4 years of experience in cybersecurity.

Our team operates with Agile and DevSecOps methodologies, embracing top technologies and a strong focus on business value and user experiences. We offer opportunities to work on high‑impact projects within a global financial services environment.

• Lead and implement the strategy for vulnerability management and hardening across the group, in the Global – Risk Control & Assurance team, covering multiple areas of work.
• Develop automations, scripts and utilities to support Compliance, Hardening and SSDLC processes.
• Develop a platform for reporting hardening and SSDLC non‑compliances, and create a framework to help entities prioritize and resolve findings.
• Support Compliance and Hardening processes by supervising and implementing market‑standard control frameworks (e.g., CIS, CSA, NIST) with centralized Compliance tools for both Public Cloud and On‑Prem environments.
• Develop and implement detective/preventive controls (validations with CSPM and Compliance tools, validations in IaC, Config Rules, Azure Policies, Google Policies) using risk‑based approaches.
• Collaborate with CTO Architecture teams and other Cybersecurity towers to coordinate compliance and SSDLC initiatives across on‑premises and public cloud environments.
• Participate in PoCs and evaluations of new cloud compliance and monitoring technologies.
• Show interest in developing technical and management capabilities with a view to growing within the team.
• Assist in Cloud governance mechanisms for entities by designing security metrics and reports related to the processes mentioned above.

• 2–3 years of IT / Cybersecurity experience, preferably in Public Cloud.
• Degree or professional training in information technology and cybersecurity.
• Certifications and training in security (CISA, CSX, CEH, CISSP, OSCP) and cloud platforms (Security Fundamentals, Security Architecture in Google Cloud Platform, AWS, Azure).
• Certifications, training or knowledge of development tools and languages (Python, PowerShell, Bash, PowerBI, Terraform, etc.).
• Strong English knowledge for analyzing technical documentation and intermediate English for meetings with partners in other countries.
• Ability to self‑learn, with a DevSecOps mindset and a focus on implementing security controls using a development‑oriented approach.

• Hybrid work model (some days remote, others in the office) with flexible hours.
• Travel opportunities to collaborate with teams in other countries and international assignments within different units and countries.
• Continuous technical and innovative training to stay up to date and advance your work.
• Career plan with growth and reward for effort and performance; competitive salary and bonus; financial benefits (e.g., favorable loan terms, pension plan, life insurance) and social benefits.

If this sounds like you, follow us or visit our website to learn more about Santander Digital Services.