Cybersecurity GRC specialist

Phiture

Lisboa

On-site

EUR 40 000 - 60 000

Full-time

16 days ago

Job summary

A technology company in Lisbon is looking for a professional to oversee cyber governance and manage the security risk posture. The ideal candidate should have skills in cyber risk management, policy development and legal compliance, and be fluent in Portuguese and English. The work involves implementing awareness programs and coordinating security assessments with the global GRC team.

Qualifications

  • Ability to identify and communicate risks to support informed decisions.
  • Skill in developing and implementing strategies in compliance with regulations.
  • Familiarity with standards such as SOC2 and ISO 27001.

Responsibilities

  • Design and manage the organization's Cybersecurity Awareness Program.
  • Monitor the effectiveness of the program using KPIs.
  • Define and supervise the implementation of the cyber strategy.

Skills

Cyber Risk Management
Policy Development
Audits and Certifications
Legal and Regulatory Compliance
Information and Security Management
Effective Communication
Critical Thinking
Performance Measurement

Education

ISO 27001, CISM, CISSP certifications
Job description
Overview

Country: Portugal
Location: Lisboa

General Job Description
Set and supervise cyber governance in line with the Global CISO Organization, ensuring that the different teams of the Group work under a common model aligned with Santander business strategy and objectives; manage the cyber security risk posture and comply with agreed internal policies and procedures and external regulations; coordinate the governance model and prepare official reporting to the respective governing bodies in the entity.

Responsibilities
  • Design, implement, and manage the organization’s Cybersecurity Awareness Program aligned with Global CISO Organization. Develop engaging content (e-learning modules, phishing simulations, newsletters, and workshops) to promote a strong security culture.
  • Track and measure program effectiveness using KPIs (e.g., phishing click rates, training completion rates, employee risk scores).
  • Set and supervise the implementation of cyber strategy and objectives achievement, aligned with Group’s cyber strategy and delivery of on-demand strategic outputs to support operational teams.
  • Drive implementation and monitoring of Group’s cybersecurity policies, standards and controls in the organization, in compliance with applicable laws, regulations and international standards (e.g. EBA/ECB, SOX, PCI, Swift, NIST, CIS, etc.) to manage emerging cybersecurity threats and risk trends.
  • Coordinate Subsidiary cyber teams to support Global GRC team in the execution of independent assessments, audits and regulatory inspections of cybersecurity controls and certifications reviews (e.g.: ISO, PCI DSS, SOX) performed by internal/external parties, and support on the remediation of recommendations.
  • Ensure that the Subsidiary third-party/vendor ecosystem is properly evaluated, assessed and managed to minimize risk exposure and risk impacts to the business, aligned with Group’s cybersecurity policies and standards.
Requirements
  • Cybersecurity Risk Management: Ability to identify, assess, and communicate risks to support informed decision-making.
  • Policies & Standards: Skilled in developing and implementing cybersecurity strategies, policies, and procedures in compliance with regulations.
  • Security Certifications & Audits: Familiarity with frameworks like SOC2 and ISO 27001; ability to assess and improve security controls.
  • Legal & Regulatory Compliance: Understanding of key regulations (e.g., SOX, PCI, GDPR) and their impact on business operations.
  • Information Security Management: Application of cybersecurity and privacy principles to ensure confidentiality, integrity, and availability.
  • Data Reporting: Proficient in gathering and leveraging data from internal and external sources to support decision-making.
  • Critical Thinking & Decision-Making: Strong analytical skills to evaluate complex situations and make sound judgments.
  • Effective Communication: Ability to clearly convey technical and strategic information across diverse audiences.
  • Performance Measurement: Knowledge of techniques to assess and improve the effectiveness of cybersecurity initiatives.
  • Certifications (Preferred): ISO 27001 Lead Auditor, CISM, CRMA, CISA, CISSP.
  • Fluency in Portuguese and English
About Us

At Santander, each of us is a “Risk Pro”. This means taking personal responsibility for identifying, assessing, managing and reporting any risks to the bank arising from the performance of our duties. We will give you the knowledge and the tools to be a Risk Pro in every situation. This risk culture is fundamental to the Santander Way, our way of working.

In accordance with Law No. 93/2021 of 20 December, the Bank has a whistleblowing channel, Canal Aberto, accessible at https://secure.ethicspoint.eu/domain/media/pteu/gui/105862/index.html
