Info Security Governance & BCP bei Sabadell

Sabadell Overview

Sabadell is a global financial institution headquartered in Barcelona, Spain and one of Europe’s oldest and most successful banking groups since its founding in 1881. Sabadell covers all areas of the financial business sector under a common denominator: professional performance and quality. In the United States, Sabadell has operated with an International Full Branch since 1993. We offer Corporate Banking services to international companies in the American market, and Private Banking services primarily to Latin American high net worth individuals and families.

Responsibilities

Regulatory Governance & CISO Support

• Serve as primary drafter for all regulatory submissions (DORA, GLBA, ECB)  
• Support on preparing quarterly ITOOC materials and CISO briefing packages such as GIOC, IT Interlock
• Maintain enterprise security policies aligned to NIST CSF  
• Support developing CISO roadmap documents for 3Y planning

Audit & Examination Leadership

• Act as single point of contact for all audits (internal/external)  
• Coordinate evidence collection across IT, Legal, and Business Units  
• Draft management responses to findings (Must Fix List items)  
• Track remediation to closure via GRC dashboards

Risk Intelligence & Reporting

• Own the Cyber KRI program - collect, analyze and report to:  
• GIOC (monthly)  
•  ITOOC (quarterly)  
•  Regulators (as required)  

Maintain control mappings between different standards and frameworks (e.g GBLA – HO Risk Taxonomy, ISO 27001 to NIST)

CISO Development Program

• Rotational assignments:  
•  Q1: Shadow CISO in HO engagements  
•  Q2: Lead mock regulatory examination  
•  Q3: Draft Board-level risk report  
•  Q4: Support CISO by presenting as a CISO deputy on the GIOC meeting

Vendor Risk Assessment & Validation

• Conduct security risk validations for all IT Critical Vendors
• Maintain vendor risk register tracking:  
•  Control gaps (NIST 800-53)  
•  Remediation timelines  
•  Contractual security requirements  
• Perform annual vendor reassessments aligned to FFIEC Third-Party Guidance

Requirements

• Bachelor's degree in Cybersecurity, Risk Management, or related field and College Degree required
• 3–5 years in GRC, audit, or risk management (financial sector preferred)                                                                                                                         
• CRISC, CISA, or ISO 27001 LA desirable
• Regulatory Frameworks: NYDFS 500, GLBA, FFIEC CAT, NIST CSF, NIST 800-53  
• Tools: ServiceNow GRC, Smartsheet, Qualys
• Reporting: KRI/KPI dashboards, regulatory submissions 

Sabadell is an Equal Employment Opportunity