Cyber Security Architect

We're seeking a passionate, innovative Cyber Security Architect to join our team of 10 cyber security enthusiasts in welcoming environment. We encourage your personal and professional growth. You will be able to take ownership of your work with the liberty to improve and shape our security framework and processes.

The principal mission of the Security Architect is to identify, analyze and define cybersecurity architecture for Santander Nordic Security solutions/platforms. Your responsibility is to secure enterprise information by planning, researching and designing robust security architecture and offer security support to IT projects, with security requirements analysis, solutions design, security testing support and risk management.

You will be working in with an inclusive, supportive team that values diverse perspectives.

Main activities:

• Responsible for ensuring that the Santander Nordic security architecture supports the business strategy and goals
• Responsible for detection of security gaps on projects and that architecture align with policies and frameworks
• Work with projects and business to frame security decisions as risk management decisions
• Communicate security gaps and enforce their resolution
• Define and maintain security principles, policies and standards
• Include security by design on every project, implement a secure software development life cycle, and provide a cyber technical design for each project and solutions (APIs, Big Data, Cloud, BC, WEB)
• Analyze trends and best practice to identify best-in-class security direction for Santander Nordic
• Supervise and follow up on security architectural issues for project and change-work throughout the organization
• Close Support to PMO for including cyber security in project process
• Execute project risk assessments
• Build good relationships with the business and user environment based on professional mutual trust
• Be the internal and external main contact point regarding IT security architecture
• Create cyber security blueprints to detailed describe capabilities within defined security domains.

Competencies & Skills:

• In depth knowledge of information technology, network security and security solutions and frameworks.
• In depth understanding of security and technology trends, requirements and regulatory drivers in Banking and Technology industries.
• Technical security knowledge – strong understanding of security threats and misconfigurations.
• Ability to understand the business context and technology landscape, manage uncertainties and apply best practices.
• Good knowledge of Information security standards (ie: ISO 27001) and EU related regulations (GDPR, PSD2, NIS)
• Expert level at IT and Cyber Security Risk management. Experience with quantification of Cyber Risk a plus (FAIR-model or other similar)
• Documented, relevant IT skills and practical experience with the application of one or more architecture framework (TOGAF, SABSA)

Personal Characteristics:

• Capable of working in a highly demanding and agile environment.
• Structured and result-oriented.
• Experience of being a member and contributing in a team.
• Good communication skills, ability to communicate complex technology in a simple manner.
• High level of English
• Excellent ability to bridge gaps in understanding and align stakeholders with different views.

Experience & Education:

• 5+ years of experience as Security Architect in a medium-sized / large business preferably from the financial industry.
• Relevant experience as a security solution architect in major business projects and from system development.
• Experience with deployments and implementations in both on premise and cloud infrastructures.
• Experience with supporting projects and initiatives with interpretation of security requirements and defining security architectures.
• Experience from risk analysis and assessment.
• Knowledge and experience with compliance requirements such as SOX, PCI, GDPR, PSD2, etc.
• Technical degree such in computer science, engineering or similar.
• Certifications within cyber/network security or IT audit/risk management
• Certification is a plus; CISSP, CEH, ISACA (CISM/CSX/CISA) or similar.
• Training or Certifications within one or more of the following is a plus; Cloud (Azure, AWS), IAM and Digital Identity, Open Banking and PSD2, Mobile Security, Security in DevOps.

What we offer:

• An opportunity to work in a large, high-performing international company, in a dynamic environment that is constantly changing.
• A corporate culture that is professional and dynamic, yet informal. Bureaucracy is kept to a minimum, as we expect our skilled employees to make long lasting and impactful decisions to shape our future.
• Highly competent, dedicated, and friendly co-workers with strong collaboration across the Nordics.

Are you interested?

If you have the right profile, will and enthusiasm, we encourages you to apply as soon as possible, but no later than 5th January 2025. Applications will be reviewed on a rolling basis, and the position will be filled once we find the ideal candidate.

If you have any questions about the position, you can contact Vidar Gran, vidar.gran[AT]gruposantander.com.