Cybersecurity Architect

1 month ago


Geneva, Switzerland Santander Full-time
Country: Switzerland

Job mission

Ensures that all products, services, and infrastructure for Banco Santander International SA customers, or those used internally, are secure by design, meet an appropriate technology security level, and demonstrate that all potential risks are mitigated to an acceptable level, assuring the confidentiality, integrity and availability of systems and data according to relevant Santander and industry standards.

Leads the design and development of enterprise-wide programs for information security. Optimizes the processes and standards of systems and network defence implementation to strengthen the attack surface and reduce risk. Establishes metrics and reporting capabilities for compliance with policies. Monitors and verifies that technology teams implement proper security controls, fix misconfigurations and/or vulnerabilities, and follow security recommendations.

Duties and responsibilities

Key responsibilities include:

RISK ASSURANCE & ARCHITECTURE

  • Acts as the interface between the technical disciplines and the business to carry out technically orientated security assessments, setting security requirements for new products and services, and assessing compliance and risk.
  • Provides security design and architecture guidance as well as general security consultancy across the business.
  • Acts as cyber coach to projects and programme teams to ensure that future infrastructures and products are secure.
  • Scopes and coordinates security penetration testing prior to product launch.
  • Defines, communicates and ensures that suppliers and third parties understand and comply with security standards.

ATTACK SURFACE MANAGEMENT

  • Ensures recurring vulnerability and compliance scanning, reporting and driving remediation for every digital asset on the network and managed cloud environments.
  • Tracks and follows up with IT teams on key cybersecurity indicators such as cybersecurity tools deployment, status of vulnerabilities, compliance against hardening guides, configuration issues, etc.

NETWORK SECURITY

  • Reviews and approves new firewall rule requests and performs periodic firewall rule reviews.

SSDLC

  • Defines rules and standards for secure development and tracks the implementation through the development projects.

Experience and Qualifications

  • BS or MA in computer science, cybersecurity or a related field
  • 5+ years of experience in cybersecurity, especially in a security engineering and architecture role
  • Knowledge of SecDevOps
  • Knowledge of vulnerability management and pentesting (Qualys)
  • Knowledge of general and industry applicable regulation and standards (GDPR, Sarbanes-Oxley Act, National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), etc.)

Desired, but not required:

  • Certified information systems security professional (CISSP)

Technical and Business Experience

  • Technical expertise in full-stack knowledge of IT infrastructure
  • Proficiency with at least one scripting language (e.g., Perl, Python and PowerShell)
  • Understands business needs and has a commitment to delivering high-quality, prompt and efficient service to the business
  • Understands organizational mission, values, and goals and consistently applies this knowledge

Knowledge and skills

  • Experience reviewing application code for security vulnerabilities
  • Direct, hands-on experience using vulnerability management tools
  • Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
  • Knowledge of concepts, applications, technologies of cloud computing; ability to design and develop systems architectures that fulfill the cloud computing services
  • Knowledge of the tools and techniques used for creating software, hardware, networking and application infrastructure; ability to meet information security objectives while using these.
  • Knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organizational network operation and minimize the negative effects of cybersecurity risks.
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Strong problem-solving and trouble-shooting skills

Languages required:

  • English
  • Spanish

Languages desired, but not required:

  • French

