Risk Technology Risk & Cybersecurity Specialist IIICountry: SpainIT STARTS HERE Santander () is evolving from a global, high-impact brand into a technology-driven organization , and our people are at the heart of this journey. Together , we are driving a customer-centric transformation that values bold thinking, innovation , and the courage to challenge what’s possible. This is more than a strategic shift. It’s a chance for driven professionals to grow, learn, and make a real difference . Our mission is to contribute to help more people and businesses prosper . We embrace a strong risk culture and all our professionals at all levels are expected to take a proactive and responsible approach toward risk management. Santander Corporate & Investment Banking (Santander CIB) is Santander's global division that supports some of the world's most complex and sophisticated corporate and institutional clients, offering customized services and value-added wholesale products to best meet their needs. THE DIFFERENCE YOU MAKE SCIB s looking for a Senior Analyst — Cybersecurity Risk (LoD) based out of Boadilla (Madrid) We’re shaping the way we work through innovation, cutting-edge technology, collaboration and the freedom to explore new ideas. To succeed in this role, you will be responsible for: Lead LoD review & challenge of cybersecurity risk assessments, control evaluations, risk metrics, mitigation plans and risk acceptances; synthesize into clear risk opinions for senior stakeholders. Run targeted risk reviews of priority domains (e.G., IAM, network/firewall, vulnerability & patch management, cloud security, AppSec/containers, encryption/tokenization, DLP, logging/monitoring, incident response/SOC); track remediation to closure. Provide independent oversight on digital transformation and business change, assessing cyber risk impacts and required controls from design to go-live. Strengthen third-party/critical services risk management: certify services/vendors, challenge inherent risk scoring, assign residual risk ratings, and monitor remediation. Analyze cyber risk data (incidents—internal/external, KRIs, control gaps, risk register) to identify patterns, concentrations, and emerging hotspots. Evolve and transpose policies/frameworks to steer safe technology adoption; align to industry standards. Prepare clear, decision-ready governance reporting for committees and working groups; escalate issues with urgency and evidence. WHAT YOU’LL BRING Our people are our greatest strength. Every individual contributes unique perspectives that make us stronger as a team and as an organization. We’re enabling teams to go beyond by valuing who they are and empowering what they bring. The following requirements represent the knowledge, skills, and abilities essential for success in this role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Professional Experience ~– years in cybersecurity risk, technology risk, cyber audit or LoD/LoD roles in financial services or other highly regulated environments. (Required) Education Bachelor’s in Computer Science, Engineering or related (Required) Master’s a plus. (Prefered) Professional certifications strongly valued: CISA, CISM, CRISC, CISSP; plus cloud security (AWS/Azure/GCP). (Required) Languages Fluent English (Required) Technical expertise (you don’t need all, but you know many) IAM, network & firewall management, vulnerability/patch management, cloud security architecture, secure SDLC & containerization, encryption/tokenization, DLP, security logging & monitoring, incident detection & response, and offensive security understanding. Frameworks & practices NIST CSF, ISO /, COBIT, SOC /ISAE, OWASP; proven experience executing cyber risk oversight programs in LoD/LoD. How you work Strong risk judgment and documentation quality; ability to coordinate across teams, influence constructively, and drive issues to closure in a matrixed, international setting. What’s in it for you Real impact on the cyber resilience of a global